[NT] Odd Behavior in Windows XP Home (Security Vulnerability, Shares)
From: support@securiteam.comDate: 01/25/02
From: support@securiteam.com To: list@securiteam.com Date: Fri, 25 Jan 2002 14:42:33 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Odd Behavior in Windows XP Home (Security Vulnerability, Shares)
------------------------------------------------------------------------
SUMMARY
The Guest account in Windows XP Home Edition and Windows XP Professional
(when the machine is not joined to a domain) serves several special functions
relating to security and network shares. As a result, turning off the Guest
account in the Control Panel (which only removes the Guest entry from the
Fast User Switching Welcome screen) does not actually disable the account.
This leaves the host open to attack through the Guest account.
DETAILS
An unexpected behavior has been observed when configuring Windows XP Home
Edition. Disabling the Guest account from the User Accounts tool appears to
remove only the "Log on locally" right; Guest users are still able to
connect to shared resources across the network.
Microsoft Knowledge Base article
<http://www.microsoft.com/technet/support/kb.asp?ID=300489> Q300489
describes this behavior and states that it is by design.
This could lead to a compromise of the host, since Guest users are still
able to access shared directories and store files in them.
Workaround:
Change the password of the Guest account to one that is difficult to guess.
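As an added example (not part of the SecuriTeam advisory or of Microsoft's
tooling), the PowerShell script below checks whether the Guest account is
actually disabled at the account level rather than merely hidden from the
Welcome screen, and can apply the account-level fix. It relies on the
classic "net user" command, which exists on every NT-family release, and
assumes an English-language Windows (the "Account active" and "Password
required" labels it parses are locale dependent). Run it from an
administrator prompt.

```powershell
# Added example: distinguish "hidden from the Welcome screen" from
# "disabled at the account level" for the built-in Guest account.

function Get-GuestAccountState {
    # "net user Guest" prints, among others, lines of the form
    #   Account active               Yes
    #   Password required            No
    $lines = & net user Guest 2>&1
    if ($LASTEXITCODE -ne 0) {
        # Account does not exist on this host (or the command failed).
        return [pscustomobject]@{ Exists = $false; Active = $null; PasswordRequired = $null }
    }

    $active = $null
    $required = $null
    foreach ($line in $lines) {
        # Labels assumed to be the English ones; adjust for other locales.
        if ($line -match '^Account active\s+(\S+)') {
            $active = ($Matches[1] -eq 'Yes')
        }
        elseif ($line -match '^Password required\s+(\S+)') {
            $required = ($Matches[1] -eq 'Yes')
        }
    }
    return [pscustomobject]@{ Exists = $true; Active = $active; PasswordRequired = $required }
}

function Test-GuestExposure {
    # Returns $true when Guest is enabled and has no password requirement:
    # the state the advisory describes, where network share access still works
    # even though the account no longer appears on the Welcome screen.
    $state = Get-GuestAccountState
    if (-not $state.Exists) { return $false }
    return ($state.Active -eq $true -and $state.PasswordRequired -eq $false)
}

function Disable-GuestAccount {
    # Account-level disable: this is what the Control Panel toggle does NOT do.
    & net user Guest /active:no | Out-Null
    return (Get-GuestAccountState).Active -eq $false
}

# Report, and remediate only when asked to.
param([switch]$Fix)

$state = Get-GuestAccountState
Write-Host ("Guest exists: {0}  active: {1}  password required: {2}" -f
    $state.Exists, $state.Active, $state.PasswordRequired)

if (Test-GuestExposure) {
    Write-Warning "Guest is enabled with no password requirement; network share access is possible."
    if ($Fix) {
        if (Disable-GuestAccount) { Write-Host "Guest account disabled at the account level." }
        else { Write-Warning "Failed to disable the Guest account." }
    }
}
else {
    Write-Host "No Guest exposure detected."
}
```

Invoke it as `.\Check-Guest.ps1` to audit and `.\Check-Guest.ps1 -Fix` to disable the
account. If the account must stay enabled for a legitimate reason, the advisory's
own workaround applies instead: give it a hard-to-guess password (for example
with `net user Guest /random`, which generates and prints one), so that the
share access the Knowledge Base article describes as by design requires
credentials.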
ADDITIONAL INFORMATION
The information has been provided by <mailto:johnson.jc.1@PG.COM> Cullen
Johnson.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.