Re: Microsoft Fax Service

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/28/04


Date: Sat, 28 Aug 2004 17:08:19 GMT

What do you mean by any hacker, or do you mean user? Users can already write and
execute files from the profile folders, though I agree it may be undesirable to have
them be able to write to folders outside of their profile. --- Steve

"Any hacker can create/copy/execute files within any
directory
Example
C:\Documents and Settings\All Users\Documents\My
Faxes>copy con test.cmd
notepade.exe"

"Allen" <anonymous@discussions.microsoft.com> wrote in message
news:196701c48c65$dae012c0$a301280a@phx.gbl...
> Windows 2000 server
>
> I've found what I believe to be a hole in security with
> Windows 2000. I haven't checked 2003 yet. I also didn't find
> this in Windows XP Pro. Presume no fax devices are
> installed.
>
> Go to dos
> At the root of c:\ type the command below
> cd documents and settings \all users\documents\my faxes
> then type "Dir"
> All of the fax directories are visible when you do a dir
>
> "Common Coverpages"
> "received Faxes"
> "Sent Faxes"
>
> Directories are not viewable within Explorer GUI. Only
> visible using the command line.
>
> Any hacker can create/copy/execute files within any
> directory
> Example
> C:\Documents and Settings\All Users\Documents\My
> Faxes>copy con test.cmd
> notepade.exe
> ^Z
> 1 file(s) copied.
>
> C:\Documents and Settings\All Users\Documents\My Faxes>dir
> Volume in drive C has no label.
> Volume Serial Number is EC38-8C60
>
> Directory of C:\Documents and Settings\All
> Users\Documents\My Faxes
>
> 07/30/2004 12:26p <DIR> Common Coverpages
> 07/30/2004 12:32p <DIR> Received Faxes
> 07/30/2004 12:32p <DIR> Sent Faxes
> 08/27/2004 01:26p 14 test.cmd
> 1 File(s) 14 bytes
> 3 Dir(s) 2,328,305,664 bytes free
>
> C:\Documents and Settings\All Users\Documents\My
> Faxes>test.cmd
>
> Notepad launches...
>
> Any Ideas ???
>
>
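
Added example, not part of the original posts: a PowerShell script a defender could run to see which broad groups hold "allow" entries that permit creating files in the folder discussed above and its subfolders. It assumes PowerShell 3.0 or later (which postdates Windows 2000); the choice of which well-known SIDs count as "broad" and the function name `Get-BroadWriteAce` are assumptions of this example.

```powershell
# Added example (not from the thread). Lists "allow" ACEs that let broad
# groups create files in a folder and its immediate subfolders.
param(
    # Folder from the thread; pass another path to check a different one.
    [string]$Path = 'C:\Documents and Settings\All Users\Documents\My Faxes'
)

# Well-known SIDs treated as "broad" here (this selection is an assumption).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Access-mask bits: FILE_WRITE_DATA/FILE_ADD_FILE, GENERIC_WRITE, GENERIC_ALL.
$CreateMask = 0x2 -bor 0x40000000 -bor 0x10000000
# FILE_EXECUTE/FILE_TRAVERSE, GENERIC_EXECUTE, GENERIC_ALL.
$ExecMask   = 0x20 -bor 0x20000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([string]$Folder)
    foreach ($ace in (Get-Acl -LiteralPath $Folder).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account name cannot be resolved: skip it
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $bits = [int]$ace.FileSystemRights
        if (($bits -band $CreateMask) -eq 0) { continue }
        [pscustomobject]@{
            Folder     = $Folder
            Principal  = $BroadSids[$sid]
            Rights     = $ace.FileSystemRights
            CanExecute = ($bits -band $ExecMask) -ne 0
            Inherited  = $ace.IsInherited
            AppliesTo  = $ace.InheritanceFlags   # which children inherit this ACE
        }
    }
}

# -Force includes hidden folders, which Explorer may not display.
$folders = @($Path) + @(Get-ChildItem -LiteralPath $Path -Directory -Force |
    ForEach-Object { $_.FullName })
$folders | ForEach-Object { Get-BroadWriteAce -Folder $_ } | Format-Table -AutoSize
```

The script reports only "allow" entries; deny entries and group nesting can change a user's effective access, so treat the output as a starting point for review.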


