The security bug with NTFS file system

[Guest]

The operating system I'm using is Windows XP Professional (Chinese
Simplified) (5.1.2600.2180, xpsp_sp2_gdr, 050301-1519, up to date) (VLK
Edition). The system is installed in the first partition of my only hard
disk, and the file system is NTFS.
One day I tried to visit the System Volume Information folder of partition
C, I hoped to see the dialog box saying "Access is denied." But I just was
able to visit the folder! Then I checked the properties of the folder, and
the Security settings showed that only SYSTEM had the permission to read and
write in the folder. During this period of time I was logging on as
Administrator (the default account of Windows XP). I tried to delete the
files in the folder, and I just made it. Then I logged off and logged on
again. This time I lost the permission to read the folder.
I'm sorry I'm not able to reproduce the problem, but I'm willing to provide
more information in the further contact.
I think this is a serious bug in Windows XP and/or other operating systems,
and Microsoft must solve this problem very soon.
Maybe I haven't provided enough information of this problem, and I'm willing
to provide more information later on. I'd like to hear from Microsoft soon.

 

[Steven L Umbach]

Why is it a serious problem that the administrator can delete a folder? The
administrator can do anything he wants to on the computer. Unless you can
reproduce the problem it is hard for anyone to explain why you, as an
administrator, were able to delete files in that folder. Important
information would be what, if any, special permissions were configured in
the advanced page of files in that folder that may have had explicit
permissions do to some access control list configuration operation you did
at one time and now the "new" files have inherited permissions.

Steve

 

[Guest]

No, in the Security settings, Administrators just had no permission to access
the folder. It means that one can access a folder which he or she has no
permission to access in NTFS partition. Isn't it a serious problem?

 

[Steven L Umbach]

Maybe you were running as system?? Administrators can do that and it would
explain why you could not access it when you logged of and logged on again.
I agree it would be a serious problem if regular users could access
folders/files that they had no permissions to on a clean operating system
with default security settings.

Steve

 

[Guest]

Maybe, but even so, there is a security bug.

 

[Guest]

No Microsoft worker replies me?

 

[Guest]

I hope that a Microsoft worker can reply me. Thanks.

 

[Guest]

I have to turn to Microsoft officers for help.

 

[Steven L Umbach]

This is a public forum - not Microsoft staffed support. You can always
contact them if you suspect a bug or security vulnerability. Be sure to
include specifics about system configuration, patch level, firewall being
used, results from last malware scan, is it consistently reproducible, etc.
They may want a dump of msinfo32.

Steve

http://support.microsoft.com/gp/contactbug

 

[Guest]

Thank you very much.