We've been talking about Microsoft's new tool for remote installation, named Windows Deployment Services (or WDS), and Alex told me today that there's an important security issue in WDS.
http://bink.nu/Home.bink Quote:
The issue is: there's full access to the command line (CMD) and full access to the local hard disk (in only 3 minutes!), and that's without any special authentication or specific requirements like username and password, or unique CD/DVD/Disk on key/other removable media.
Think only about the result of this security issue: a user can connect to important data, copy confidential documents, "play" and change settings in the Registry Editor, etc.
You can find this security issue too by following these steps:
1. Restart your machine that is connected to the network (with PXE card of course)
2. Boot from PXE to the local WDS server
3. The PXE receives an address and an answer from the local WDS server, and then the user needs to press F12
4. The user presses the F12 key
5. The WDS server answers the machine by downloading a boot image (Windows PE)
6. When the user is prompted to authorize, where he needs to choose his specific install image, press Shift+F10 instead of authorizing
7. You'll notice a CMD shows up, pointing to the X:\ drive (WinPE RAM drive)
8. Change the path to C:\
9. That’s it! Now you're in the local system drive
Visit the site to see how to disable it.