Security hole in file sharing (bug?)

Massimo

So it would seem.
The public route for reporting is discussed at
https://s.microsoft.com/technet/security/bulletin/alertus.aspx
I will be finding the route to test such that RDP availability
is ruled out, posting internally with MVPs for further confirms
and experiments, and generally this will likely raise a ruckus in
visible (internally) ways if others see as you have demonstrated.

I'll have a look at this.
All the same, despite the fact that I did use a map network drive, hence a
call to the old Net cmd dll, it is possible that it was intercepted and
instead tunneled inside RDP - possible is enough for me to want to
rule out possibility

Anyway, I *never* use the "map network drives" feature of RDP; so it's
definitely not involved here.
This article also states that the exposure exists even with the
XP firewall in use. This I found not true. In my test yesterday
I toggled the firewall on the laptop for the dial-up connection
and it was immediately effective in blocking access from the
RDP client with already existing mapped drive. Toggle firewall
back off and access resumed (note: this despite the fact that
there was a popup saying the change would not be effective
for the current dialup connection due to the in-use condition).

No, it states there's a bug in the firewall: if you enable exceptions for
the NetBIOS ports on the internal LAN interface (or any else), it enables
them for *every* connection. So you can't (again!) set options at the
adapter level, but only for the whole system.

Massimo
 
Roger Abell

I read it as indicating two separate issues with the firewall.
And they do say
<quote>
Due to the bug carried over from SP1 as well as a new bug, the firewall
configuration with SP2 has a catastrophic effect.
</quote>
and then go on to describe the workaround to the now patched
"Local subnet only" exception erroneous handling.
I have the patch for that installed, and am not using any exemption
for network sharing in the firewall definitions, and I do find that
the firewall is effective in blocking the sharing.
So, as far as the article goes, I am not totally sure what they are
trying to indicate - that you can end up as safe as with XP SP1 -
but initially they say there was error back in SP1.

Anyway . . .
 
Roger Abell

Evidently sometimes we know more than we actually know.

I now see that I did mean now and not not :)
 
Massimo

Evidently sometimes we know more than we actually know.

I now see that I did mean now and not not :)

Do you have any lottery number that keeps popping up in your thoughts? ;-)

Massimo
 
Roger Abell

Massimo said:
Do you have any lottery number that keeps popping up in your thoughts? ;-)


I wish.

FYI
I have now ruled out any RDP interaction.
Also, it seems that the share access is happening over tcp 445, the
direct hosting port introduced with W2k. This does not happen for
non dialup interfaces when MS File and Print is not bound to them.
 
Massimo

I have now ruled out any RDP interaction.
Also, it seems that the share access is happening over tcp 445, the
direct hosting port introduced with W2k. This does not happen for
non dialup interfaces when MS File and Print is not bound to them.

I've submitted a security hole bug report to MS using the web form, but
still no reply :-/

Massimo
 
