Terminal doesn't lock after disconnect in Terminal Services
From: Steve Shockley (steve.shockley@SHOCKLEY.NET)Date: 02/12/02
- Previous message: Tony Chow: "Followup to Windows 2000 unable to unload registry hive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Feb 2002 22:34:56 -0500 From: Steve Shockley <steve.shockley@SHOCKLEY.NET> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
//////
Title: Terminal doesn't lock after disconnect in Terminal Services
Date: 11 Feb 2002
Software: Windows 2000 Server, SP0, SP1, SP2
Impact: Possible Privilege Elevation
Risk: Low
\\\\\\
Issue:
======
Windows 2000 Server allows an administrator to connect via the Terminal
Services client to manage the server. This feature provides a convenient
way for an administrator to manage servers from a desktop which isn't logged
in as an admin.
Normally, the TS client will lock just like the console will with the same
timeout as the screen-saver. However, if you use the "disconnect" feature
of the TS client, it won't lock the terminal when you reconnect.
To Duplicate:
=============
Connect to a server running Terminal Services in Administration mode. Leave
the connection open and idle long enough for the "screen saver" to activate.
Disconnect the session by closing the window. Reconnect to the session, and
the "screen saver" will never activate.
Tested using Windows 2000 Server with SP0, SP1 and SP2, and the Terminal
Server client under Win98SE, Windows 2000 Pro and Windows XP Pro.
Mitigating factors:
===================
Exploiting this bug would require an admin leaving a TS session logged in.
However, the behavior of the TS client isn't "as advertised", so an admin
may be more likely to put a system at risk unknowingly.
Vendor notification:
====================
Microsoft was notified of the bug on 18 September 2001 via Whistler bug
report XP43019, and on 7 January 2002 via Security@microsoft.com. In both
cases, I was informed that it wasn't a vulnerability, but that the bug
should be addressed. Fair enough, but there should
at least be a KB article discussing the issue.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by VeriSign - The Internet Trust Company
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Do you have 128-bit SSL encryption server security?
Get VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn
everything you need to know about using 128-bit SSL to encrypt your
e-commerce transactions, secure your intranets and authenticate your Web
site. 128-bit SSL is serious security for your online business. Get it now!
http://www.verisign.com/cgi-bin/go.cgi?a=n094765650008000
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Tony Chow: "Followup to Windows 2000 unable to unload registry hive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
