Microsoft Fax Service

From: Allen (anonymous_at_discussions.microsoft.com)
Date: 08/27/04

• Next message: Carlton Whitmore: "Updates thru Firewall not working?"
• Previous message: Miha Pihler: "Re: Windows 2000 Server IIS 6.0"
• Next in thread: Curtis Koenig [MSFT]: "RE: Microsoft Fax Service"
• Reply: Curtis Koenig [MSFT]: "RE: Microsoft Fax Service"
• Reply: Steven L Umbach: "Re: Microsoft Fax Service"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 Aug 2004 11:44:16 -0700

Windows 2000 server

I've found I believe to be a whole in security with
windows 2000. I haven't check 2003 yet. I also didn't find
this in Windows XP pro. Presume no fax devices are
installed..

Go to dos
At the root of c:\ type the command below
cd documents and settings \all users\documents\my faxes
then type "Dir"
All of the fax directories are visible when you do a dir

"Common Coverpages"
"received Faxes"
"Sent Faxes"

Directories are not viewable within Explorer GUI. Only
visible using the command line.

Any hacker can create/copy/execute files within any
directory
Example
C:\Documents and Settings\All Users\Documents\My
Faxes>copy con test.cmd
notepade.exe
^Z
        1 file(s) copied.

C:\Documents and Settings\All Users\Documents\My Faxes>dir
 Volume in drive C has no label.
 Volume Serial Number is EC38-8C60

 Directory of C:\Documents and Settings\All
Users\Documents\My Faxes

07/30/2004 12:26p <DIR> Common Coverpages
07/30/2004 12:32p <DIR> Received Faxes
07/30/2004 12:32p <DIR> Sent Faxes
08/27/2004 01:26p 14 test.cmd
               1 File(s) 14 bytes
               3 Dir(s) 2,328,305,664 bytes free

C:\Documents and Settings\All Users\Documents\My
Faxes>test.cmd

Notepad launches...

Any Ideas ???

• Next message: Carlton Whitmore: "Updates thru Firewall not working?"
• Previous message: Miha Pihler: "Re: Windows 2000 Server IIS 6.0"
• Next in thread: Curtis Koenig [MSFT]: "RE: Microsoft Fax Service"
• Reply: Curtis Koenig [MSFT]: "RE: Microsoft Fax Service"
• Reply: Steven L Umbach: "Re: Microsoft Fax Service"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Null Session information from NAT.EXE ... Enum Windows NT Command lint tool to enumeration Windows information using ... Dictionary attack added, ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) Re: SMS 2003 Reporting: http error 500 ... in the dos window type the following command ... >Now, the Windows Logon Screen doesn't appear anymore, I'm ... >> is the IE 6 security changes that is the issue. ... (microsoft.public.sms.admin) RE: Sent Faxes Disappearing ... intermittent problems with faxes disappearing when sending Fax. ... Firstly I have checked your fax modem and find it is not on the Windows ... Make sure the "Sent Items" are archived in an existent folder ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) RE: Faxing a document to multiple user fax number ... Does SBS fax have a maximum amount of faxes per session? ... > If he is using windows 2000 or windows XP, please refer to the following KB ... > This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) Re: Fax4Outlook vs MSFax? ... > Yes windows XP Fax and office xp. ... > In addition to maintaining all faxes in the fax console I ... >>> in my outlook inbox and sent items folder. ... (microsoft.public.outlook.fax)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint