Re: Security hole in file sharing (bug?)

From: Massimo (barone_at_mclink.it)
Date: 01/29/05 

Date: Sat, 29 Jan 2005 20:03:42 +0100

"Roger Abell" <mvpNOSpam@asu.edu> ha scritto nel messaggio
news:%234Lv4%23hBFHA.2876@TK2MSFTNGP12.phx.gbl...

> So it would seem.
> The public route for reporting is discussed at
> https://s.microsoft.com/technet/security/bulletin/alertus.aspx
> I will be finding the route to test such that RDP availability
> is ruled out, posting internally with MVPs for futher confirms
> and experiments, and generally this will likely raise a ruckus in
> visible (internally) ways if others see as you have demonstrated.

I'll have a look at this.

>> I don't think it matters: the RDP client uses NetBIOS to map drives, so
>> if
>> it doesn't work due to being disabled on the server, RDP can't possibly
> use
>> it. Besides, you're establishing a RDP session with the machine from
>> which
>> you connect to your shares, so RDP is mapping shares on the *remote*
>> machine, if any.
>
> all the same, despite fact that I did use a map network drive, hence a
> call to the old Net cmd dll, it is possible that it was intercepted and
> instead tunneled inside RDP - possible is enough for me to want to
> rule out possibility

Anyway, I *never* use the "map network drives" feature of RDP; so it's
definitely not involved here.

> This article also states that the exposure exists even with the
> XP firewall in use. This I found not true. In my test yesterday
> I toggled the firewall on the laptop for the dial-up connection
> and it was immediately effective in blocking access from the
> RDP client with already existing mapped drive. Toggle firewall
> back off and access resumed (note: this despite the fact that
> there was a popup saying the change would not be effective
> for the current dialup connection due to the in-use condition).

No, it states there's a bug in the firewall: if you enable exceptions for
the NetBIOS ports on the internal LAN interface (or any else), it enables
them for *every* connections. So you can't (again!) set options at the
adapter level, but only for the whole system.

Massimo

Relevant Pages

  • Re: Security hole in file sharing (bug?)
    ... > The public route for reporting is discussed at ... >> it doesn't work due to being disabled on the server, RDP can't possibly ... > I toggled the firewall on the laptop for the dial-up connection ... > for the current dialup connection due to the in-use condition). ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security hole in file sharing (bug?)
    ... > The public route for reporting is discussed at ... >> it doesn't work due to being disabled on the server, RDP can't possibly ... > I toggled the firewall on the laptop for the dial-up connection ... > for the current dialup connection due to the in-use condition). ...
    (microsoft.public.windowsxp.general)
  • Re: RDP issues
    ... I've tried the hotfix you've provided, however, to no avail. ... just fine) - firewall wise. ... At both WS's the RDP is in the exception list. ... Although the error does not indicate the connection is being refused, ...
    (microsoft.public.windowsxp.general)
  • Re: Remote View/Control
    ... You only have to turn on TS (RDP) on your desktop if you want to access it ... is on your desktop you will only use RDP _client_ to access the server. ... You need to open port 3389 on firewall at your office -- firewall that ... > establish the connection using that public IP address. ...
    (microsoft.public.windows.server.networking)
  • RE: Windows Remote Desktop
    ... between the server and client in addition to RDP encryption. ... On the topic of securing RDP i was wondering if anyone can help.... ... connection is difficult. ... >We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
    (Security-Basics)