[NT] Office Programs Can Browse Restricted Drives

From: SecuriTeam (support_at_securiteam.com)
Date: 02/24/05

    To: list@securiteam.com
    Date: 24 Feb 2005 17:47:36 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Office Programs Can Browse Restricted Drives
    ------------------------------------------------------------------------

    SUMMARY

    Due to a bug in the Office suite, drives that have been marked as
    restricted are not shown as such under the file browsing mechanism.

    DETAILS

    Vulnerable Systems:
     * Microsoft Office Service Pack 2 and prior

    Immune Systems:
     * Microsoft Office Service Pack 3 or newer

    After you establish a group policy to restrict access to a drive by
    selecting the "Hide these specified drives in My Computer" and "Prevent
    access to drives from My Computer" options, you can use a Microsoft
    Office program to browse and read the contents of the drive.

    The same condition occurs when you insert a flash drive and a common
    dialog box is presented asking you what you'd like to do. If you select
    open drive, you can then browse all of the hidden and restricted drives
    the same way that you can using MS Office.

    This problem occurs when your operating system is Microsoft Windows 2000.
    The problem occurs because of the way that policies are applied. When you
    restrict access to a drive by establishing a group policy, restrictions
    apply to users, but they do not apply to services and programs. Because
    the browse feature is performed through a program such as Microsoft Excel
    or Microsoft Word, the program is permitted to view the drive. As a
    result, when you define a group policy and select the "Hide these
    specified drives in My Computer" and "Prevent access to drives from My
    Computer" options on a specific drive, the drive is read-only with respect to
    Microsoft Office 2000 programs.
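
The gap described above can be audited from the affected user's own session. The following is an added example, not part of the advisory: it assumes the two policies are stored as the NoDrives and NoViewOnDrive bitmask values under the per-user Explorer policy key (names not given on the page) and that PowerShell 3.0 or later is available.

```powershell
# Added audit example (not from the advisory). Run as the restricted user.
# Assumption: the drive policies are stored in these two DWORD bitmasks.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function ConvertFrom-DriveMask {
    param([long]$Mask)
    # Bit 0 = A:, bit 1 = B:, ... bit 25 = Z:
    0..25 | Where-Object { $Mask -band (1 -shl $_) } |
        ForEach-Object { [char](65 + $_) }
}

$policy  = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$hidden  = @(ConvertFrom-DriveMask ([long]$policy.NoDrives))       # hidden in My Computer
$blocked = @(ConvertFrom-DriveMask ([long]$policy.NoViewOnDrive))  # access prevented in My Computer

$report = foreach ($letter in ($hidden + $blocked | Sort-Object -Unique)) {
    $root     = "${letter}:\"
    $present  = Test-Path -LiteralPath $root
    $readable = $false
    if ($present) {
        try {
            # Plain file-system call, the same kind a file-open dialog in any
            # program ends up making; the shell policy is not consulted here.
            [void][System.IO.Directory]::GetFileSystemEntries($root)
            $readable = $true
        } catch {
            # Access denied or device not ready: the file system itself refused.
            $readable = $false
        }
    }
    $finding = 'ok (not readable)'
    if ($readable) { $finding = 'restricted in shell only; enforce with file system or share ACLs' }

    [pscustomobject]@{
        Drive       = $root
        HiddenInUI  = $hidden  -contains $letter
        BlockedInUI = $blocked -contains $letter
        Present     = $present
        Readable    = $readable
        Finding     = $finding
    }
}

$report | Format-Table -AutoSize
```

Any row with Readable set to True is a drive the policy hides from the shell while the user's account can still list it, which is the condition the advisory describes.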

    Vendor Response
    This issue was reported to Microsoft on Feb 11, 2005.

    ADDITIONAL INFORMATION

    The information has been provided by Discini, Sonny
    <Sonny.Discini@montgomerycountymd.gov>.
    The original article, "Office Programs Can Browse Restricted Drives",
    can be found at: http://support.microsoft.com/?id=302753


    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

