They Call This a Security Issue?
And I quote... Link
Netanel Ben-Shushan from Israel writes:
We've talked about Microsoft's new tool for remote installation named Windows Deployment Services (or WDS), and Alex told me today that there's an important security issue in WDS.
The issue is: there's full access to the command line (CMD) and full access to the local hard disk (in only 3 minutes!), and that's without any special authentication or specific requirements like a username and password, or a unique CD/DVD/disk on key/other removable media.
Just think about the result of this security issue: a user can connect to important data, copy confidential documents, "play" and change settings in the Registry Editor, etc.
You can find this security issue too by following these steps:
1. Restart your machine that is connected to the network (with PXE card of course)
2. Boot from PXE to the local WDS server
3. The PXE receives an address and an answer from the local WDS server, and then the user needs to press F12
4. The user presses the F12 key
5. The WDS server answers the machine by downloading a boot image (Windows PE)
6. When the user is prompted to authorize, where he needs to choose his specific install image, press Shift+F10 instead of authorizing
7. You'll notice a CMD window shows up, pointing to the X:\ drive (WinPE RAM drive)
8. Change the path to C:\
9. That’s it! Now you're in the local system drive
BINK: I think the F10 can be turned off; the F10 feature has been in Windows since Windows 2000, I believe. Also, you can lock down who can boot from the WDS server.
UPDATE: Thanks Edie (MSFT) for supplying the tip:
How to disable the command prompt during the Windows Vista Enterprise installation process
INTRODUCTION
In some cases, you may want to use the command prompt to troubleshoot the Windows Vista Enterprise installation process. By default, the command prompt is enabled in Windows Vista Enterprise. This article describes how to disable the command prompt during the Windows Vista Enterprise installation process.
Note To start a command prompt during the Windows Vista Enterprise installation process, press SHIFT+F10.
MORE INFORMATION
During all phases of the Windows Vista Enterprise installation process, Windows Setup and the related setup files examine the Windows Vista Enterprise setup directory for a file that is named the DisableCMDRequest.tag file. When Windows Setup and the related setup files find the DisableCMDRequest.tag file, Windows Setup disables the command prompt for the duration of the Windows Vista Enterprise installation process.
The Windows Preinstallation Environment (Windows PE) runs when you start Windows Setup for the first time. To disable the command prompt during the Windows Vista Enterprise installation process, follow these steps:
1. Verify that the computer has Windows Automated Installation Kit (Windows AIK) or Windows OEM Preinstall Kit (Windows OPK) installed.
2. Click Start, click All Programs, click Windows AIK or Windows OPK, and then click Windows PE Tools Command Prompt.
Note If you follow these steps on a Windows Vista Enterprise-based computer, right-click the Command Prompt window, and then click Run as Administrator.
3. Use the ImageX tool to mount the Boot.wim file to a folder. To do this, run the following command:
    md \mount
    imagex /mountrw WimFileFolderName\boot.wim 2 \mount
Note In this command, WimFileFolderName is a placeholder for the name of the folder that contains the Boot.wim file.
4. In the Windows Vista Enterprise setup directory, create the DisableCMDRequest.tag file. To do this, run the following command:
    md \mount\windows\setup\scripts
    echo.>\mount\windows\setup\scripts\DisableCMDRequest.TAG
5. Apply the changes to the Boot.wim file. To do this, run the following command:
    Imagex /unmount /commit \mount
6. Deploy the image. To do this, use the methods that are specified in the documentation for Windows AIK, for Windows OPK, or for Windows Deployment Services.
Note After you follow these steps, you cannot run audit mode by pressing CTRL+SHIFT+F3.
Is this a joke? This has to be a joke.
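A check for the quoted steps, as an added example that is not part of the original post or the Microsoft article: it mounts a boot image read-only and reports whether DisableCMDRequest.tag is actually in it before the image is deployed. It assumes imagex.exe from Windows AIK/OPK is on PATH and an elevated PowerShell session; the function name, parameter names and sample path are hypothetical.

```powershell
# Added example: verify that a boot image carries DisableCMDRequest.tag.
# Assumes imagex.exe (Windows AIK/OPK) is on PATH and the shell is elevated.
# Function name, parameter names and default paths are hypothetical.
function Test-DisableCmdTag {
    param(
        [Parameter(Mandatory = $true)][string]$WimPath,
        [int]$Index = 2,                          # image number used in the quoted steps
        [string]$MountDir = "$env:TEMP\wimcheck"
    )

    if (-not (Test-Path -LiteralPath $WimPath -PathType Leaf)) {
        throw "WIM file not found: $WimPath"
    }
    # Use an empty folder as the mount point so stale files cannot skew the result.
    if (Test-Path -LiteralPath $MountDir) {
        if (Get-ChildItem -LiteralPath $MountDir -Force) {
            throw "Mount folder is not empty: $MountDir"
        }
    } else {
        New-Item -ItemType Directory -Path $MountDir | Out-Null
    }

    # /mount (not /mountrw) is read-only, so the check cannot alter the image.
    & imagex /mount $WimPath $Index $MountDir | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "imagex /mount failed with exit code $LASTEXITCODE"
    }
    try {
        $tag = Join-Path $MountDir 'Windows\Setup\Scripts\DisableCMDRequest.tag'
        $present = Test-Path -LiteralPath $tag -PathType Leaf
    } finally {
        # Always release the mount, even if the check throws.
        & imagex /unmount $MountDir | Out-Null
    }

    [pscustomobject]@{
        WimPath    = $WimPath
        Index      = $Index
        TagPresent = $present
    }
}

# Constructed sample call; replace the path with your own boot image:
# Test-DisableCmdTag -WimPath 'C:\wims\boot.wim' -Index 2
```

A result with TagPresent set to False means the image still opens a command prompt on SHIFT+F10 and should not be published to the WDS server.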