RE: Microsoft Fax Service
From: Curtis Koenig [MSFT] (curtisko_at_online.microsoft.com)
Date: 08/27/04
- Next message: -: "Oodles of 529 Logon Failures every 2:00 AM"
- Previous message: Steven L Umbach: "Re: Updates thru Firewall not working?"
- In reply to: Allen: "Microsoft Fax Service"
- Next in thread: Steven L Umbach: "Re: Microsoft Fax Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Aug 2004 21:28:02 GMT
Are you logged on locally as the administrator?
If you are then you should have access to all of this and this is normal
Windows behavior. Secondly for this to really rise to the level of a
security issue you would have to be able to do this while not logged onto
the machine.
-- Curtis Koenig Security Support Engineer Product Support Services, Security Team MCSE, MCSES, CISSP This posting is provided "AS IS" with no warranties and confers no rights. Please reply to the newsgroup so that others may benefit. Thanks! -------------------- >From: "Allen" <anonymous@discussions.microsoft.com> >Subject: Microsoft Fax Service >Date: Fri, 27 Aug 2004 11:44:16 -0700 > >Windows 2000 server > >I've found I believe to be a whole in security with >windows 2000. I haven't check 2003 yet. I also didn't find >this in Windows XP pro. Presume no fax devices are >installed.. > >Go to dos >At the root of c:\ type the command below >cd documents and settings \all users\documents\my faxes >then type "Dir" >All of the fax directories are visible when you do a dir > >"Common Coverpages" >"received Faxes" >"Sent Faxes" > >Directories are not viewable within Explorer GUI. Only >visible using the command line. > >Any hacker can create/copy/execute files within any >directory >Example >C:\Documents and Settings\All Users\Documents\My >Faxes>copy con test.cmd >notepade.exe >^Z > 1 file(s) copied. > >C:\Documents and Settings\All Users\Documents\My Faxes>dir > Volume in drive C has no label. > Volume Serial Number is EC38-8C60 > > Directory of C:\Documents and Settings\All >Users\Documents\My Faxes > >07/30/2004 12:26p <DIR> Common Coverpages >07/30/2004 12:32p <DIR> Received Faxes >07/30/2004 12:32p <DIR> Sent Faxes >08/27/2004 01:26p 14 test.cmd > 1 File(s) 14 bytes > 3 Dir(s) 2,328,305,664 bytes free > >C:\Documents and Settings\All Users\Documents\My >Faxes>test.cmd > >Notepad launches... > >Any Ideas ??? > > >
- Next message: -: "Oodles of 529 Logon Failures every 2:00 AM"
- Previous message: Steven L Umbach: "Re: Updates thru Firewall not working?"
- In reply to: Allen: "Microsoft Fax Service"
- Next in thread: Steven L Umbach: "Re: Microsoft Fax Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
