Windows Vista sharing Bug – danger high!


I want to present here what I believe to be a bug in Windows Vista, and presumably also in Windows XP.

In short: when your PC is on a Windows network that also includes Linux computers (tested with Ubuntu 7.10), everybody on the network can access the files on your USB flash drive, write to it, and delete them, even though you have not shared the drive. Bug danger: very high; security risk: very high!
I will now show you through images how this bug affects your computer:

Configuration: 2 Computers in a Windows Network:

1. Windows Vista PC

2. Ubuntu 7.10 PC using the Windows network through Samba.

Pictures:

untitled2.png

Here you can see that the USB Flash drive isn’t shared.

untitled3.png

The sharing setting under Windows Vista. Everything is off. No sharing of the drive.

Now we change to the Ubuntu-Linux computer.

screenshot10.png

These are the computers seen under Network (samba) in Ubuntu. The Windows computer is the second one.

screenshot-12.png

In this picture you can see all the drives on the Windows machine, both the shared ones and the unshared ones. Some can still be accessed, even though they are NOT shared under Windows. That is, the USB flash drive from pictures 1 and 2.

screenshot-4-1.png

Accessing the unshared USB flash drive without any problems. You can read/write/delete files on it.

screenshot-6.png

Example of creating a folder on the USB flash drive.

Now I will show the denied access to an external HDD connected to the Windows machine, which cannot be accessed from Linux, as expected.

screenshot-8.png

Trying to access the external HDD.

screenshot-9.png

Access forbidden.

I found this bug and am presenting it here so that people using Windows Vista can contact Microsoft and get this critical security problem solved. I will also contact Microsoft and tell them about this web page, so they can do something about this problem.

I also think that this bug can be found on Windows XP, but I cannot confirm that. Somebody willing to do that, also for other Windows Editions, can try and recreate it, and report what happens.

Edit: Well, I tried to find out how the hell one can report a bug to Microsoft, and found this link: http://support.microsoft.com/gp/contactbug. It says I need to phone Microsoft??? What the hell. Spending my money on correcting Microsoft’s flaws? No thanks. Anyone willing, please do that instead of me. Thank you in advance.

6 Responses to Windows Vista sharing Bug – danger high!

  1. Andre says:

    Hi,
    this is not a bug. Windows creates hidden admin shares; in a Windows network such shares are hidden by
    appending a dollar sign, e.g. Admin$. The operating system creates these shares itself, by default for every drive
    on the PC, plus the Windows folder itself.

    All of this is needed in domain networks for administration.
    Linux has no concept of hidden shares, so it shows, quite correctly, all admin shares. That you can then access some of the shares, e.g.
    a USB stick, is simply down to the operator's lack of knowledge. As long as the stick is not secured with ACLs,
    any Windows user can access it as well; he only has to guess the drive letter and then enter, e.g., \\rechnernahme\e$ in Explorer,
    and that's it.

    The whole thing is neither a bug nor actually dangerous, but it does show that most people do not concern themselves with security. As long as you are not using a Windows domain, you can also instruct the system not to create admin shares, see here:

    http://www.zdnet.de/security/praxis/0,39029462,39149802-7,00.htm

    You could have found all of this out quite simply by searching Google for "admin shares in Windows" 😉

  2. Aido says:

    These are administrative shares, which can be disabled in XP and Vista, hence the $ at the start. Linux obviously just displays what it can see. Did you use the same username and password on both machines during this test? I believe you have to log in as the administrator to see these shares to start with, but not if you have the same username and password, as it auto-logs in when accessing Vista/XP :D
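
The two comments above attribute the behaviour to automatically created administrative shares. The following audit script is an added example, not part of the post or of either comment: it lists every share on the local Windows machine, marks the administrative ones and the drive type behind each drive-root share, and reports whether automatic creation has been switched off. The `Win32_Share` and `Win32_LogicalDisk` WMI classes and the `AutoShareWks` / `AutoShareServer` registry values are standard Windows names that do not appear on the page itself.

```powershell
# Added example: read-only audit of administrative shares (C$, E$, ADMIN$, IPC$ ...).
# Run locally in PowerShell. On PowerShell 6+ use Get-CimInstance instead of Get-WmiObject.

# Map drive letters ("E:") to a readable drive type so removable media stand out.
$driveTypeNames = @{ 2 = 'Removable'; 3 = 'Fixed'; 4 = 'Network'; 5 = 'CD-ROM' }
$driveTypes = @{}
Get-WmiObject -Class Win32_LogicalDisk | ForEach-Object {
    $driveTypes[$_.DeviceID] = $driveTypeNames[[int]$_.DriveType]
}

# Win32_Share.Type is 0x80000000 (2147483648) or higher for administrative shares.
$report = Get-WmiObject -Class Win32_Share | ForEach-Object {
    # Only drive-root shares such as "E:\" are matched against the drive table.
    $letter = $null
    if ($_.Path -match '^([A-Za-z]:)\\?$') { $letter = $Matches[1].ToUpper() }
    $driveType = ''
    if ($letter -and $driveTypes.ContainsKey($letter)) { $driveType = $driveTypes[$letter] }

    New-Object PSObject -Property @{
        Name           = $_.Name
        Path           = $_.Path
        Administrative = ($_.Type -ge 2147483648)
        HiddenByName   = $_.Name.EndsWith('$')   # trailing $ hides the share in Windows browsing
        DriveType      = $driveType
    }
}
$report | Sort-Object Name |
    Format-Table Name, Path, Administrative, HiddenByName, DriveType -AutoSize

# AutoShareWks (workstations) / AutoShareServer (servers) set to 0 stops Windows
# from recreating the drive and ADMIN$ shares when the Server service starts.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$params = Get-ItemProperty -Path $key
foreach ($name in 'AutoShareWks', 'AutoShareServer') {
    $value = $params.$name
    if ($null -eq $value) { "$name is not set: administrative shares are created by default" }
    elseif ($value -eq 0) { "$name = 0: automatic administrative shares are disabled" }
    else                  { "$name = ${value}: automatic administrative shares are enabled" }
}
```

A drive-root share that shows `Administrative = True` and `DriveType = Removable` corresponds to the situation in the screenshots; who can actually open it depends on the account used to authenticate and on the ACLs of the volume.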

