Share Level Password vulnerability (Patch available)
------------------------------------------------------------------------

SUMMARY

Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 95, 98, 98SE, and Windows Me. The vulnerability allows a malicious user to programmatically access a Windows 9x/ME file share without knowing the entire password assigned to that share.

Detailed exploit and vulnerability information can be found at:
Windows 9x share service file handle vulnerability
<http://www.securiteam.com/exploits/Windows_9x_share_service_file_handle_vulnerability.html>

DETAILS

Affected Software Versions:
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Me

Microsoft Windows 9x/Me provides a password protection feature, referred to as "share level access", for the File and Print Sharing service. However, because of the way the password feature is currently implemented, a malicious user with a special client utility could compromise a file share without knowing the entire password required to access that share.

Only share level access permissions are vulnerable. If a Windows 9x or Windows Me machine were part of a Windows NT domain, user-level access controls could be enforced on file shares and passwords would not be needed to allow access to those shares. Windows NT and Windows 2000 machines can only be set up with user-level file share access controls and are not susceptible to this vulnerability.

Patch Availability:
- Microsoft Windows 95
  Patch available shortly
- Microsoft Windows 98 and 98 Second Edition
  <http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE>
- Microsoft Windows Me
  <http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE>

What's the scope of the vulnerability?
This is a privacy compromise vulnerability. The vulnerability could potentially allow unauthorized access to a user's password-protected file share using a malicious client utility without requiring a user to know the complete password for the share. Customers using File and Print Sharing within a corporate environment should take care when enabling this service. Microsoft recommends that user-level access permissions be granted to shares rather than share level permissions based on passwords. A still more robust solution is to use a Windows NT or Windows 2000 system as a file server.

What causes the vulnerability?
There is a flaw in the way the File and Print Sharing service implements password protection for a directory when that directory is shared over a network using share level access. The flaw could allow a malicious program to gain access to that share without knowing the complete password.

What is the File and Print Sharing Service?
The Microsoft Windows 9x and Windows Me family of products incorporates peer-to-peer networking capabilities that enable share level security on a file share. In other words, a client can act like a server and vice versa in any Windows networking environment. Windows 9x and Windows Me offer share level access control to file shares, and user-level access control when the Windows 9x or Windows Me system is part of a Windows NT domain.
Only share level security suffers from this vulnerability, since only share level security uses passwords as the security mechanism for protecting the share.

I understand about sharing files, but what's the difference between share level and user-level access?
Share level security provides a password-controlled gate to protected resources. The advantage of this security paradigm is that it allows granting access to a large number of people with very little effort. However, it is not very secure, since the password is widely distributed and there is no notion of personal accountability.

Windows NT's security paradigm is based on granting access to individuals, each of whom has an account. This paradigm allows fine-grained control over per-user access and allows individual accountability. The disadvantage is that you must create a user account for each user you want to grant access to, and you must grant that user the access (either directly or by adding the user to an appropriate group).

Note: User-level access permissions are only available on Windows 9x and Windows Me machines when they are part of a Windows NT domain.

What would this vulnerability allow a malicious user to do?
If a malicious user could exploit this vulnerability, they would be able to retrieve, modify, or delete any file within that share.

What protection does a password provide?
A password is like a lock on your door. It provides protection against unauthorized entry while still allowing you access. However, the vulnerability that affects the password protection on a Windows 9x or Windows Me file share would allow unauthorized access, by a user who exploits a malicious client utility, without requiring that the user know the password for that share.

Who should use the patch?
Microsoft recommends that anyone with File and Print Sharing enabled and using share level access on a Windows 9x or Windows Me system consider installing the patch.

What does the patch do?
The patch eliminates the vulnerability by eliminating the flaw in the password mechanism.

Where can I get the patch?
The download location for the patch is provided in the "Patch Availability" section of the security bulletin.

How do I use the patch?
Knowledge Base article Q273991 <http://www.microsoft.com/technet/support/kb.asp?ID=273991> contains detailed instructions for applying the patch.

How can I tell if I installed the patch correctly?
Knowledge Base article Q273991 <http://www.microsoft.com/technet/support/kb.asp?ID=273991> provides a manifest of the files in the patch package. The easiest way to verify that you have installed the patch correctly is to verify that these files are present on your computer, and have the same sizes and creation dates as shown in the KB article.

--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml

------------------------------------------------------------------------
Forum Komunikasi Penulis-Pembaca MIKRODATA (FKPPM)
Archive: http://www.mail-archive.com/forum%40mikrodata.co.id/
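
The verification step in the bulletin (compare the installed files against the KB manifest by presence, size and date) can be scripted. The following is an added example, not part of the original message or of Microsoft's bulletin; the manifest format, file names, sizes and dates are constructed placeholders, and the file's modification date is assumed to be the date the manifest lists.

```python
import os
from datetime import datetime, timezone

# Constructed manifest, "name|size-in-bytes|YYYY-MM-DD". Placeholder entries,
# NOT the real Q273991 file list; take the real values from the KB article.
SAMPLE_MANIFEST = """\
# name|size|date
example_a.vxd|4096|2000-10-10
example_b.dll|1024|2000-10-10
example_c.dll|2048|2000-10-10
"""

def parse_manifest(text):
    """Return {lowercased name: (size, 'YYYY-MM-DD')}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, size, date = (part.strip() for part in line.split("|"))
        datetime.strptime(date, "%Y-%m-%d")  # reject malformed dates early
        entries[name.lower()] = (int(size), date)
    return entries

def check_patch_files(directory, manifest):
    """Return {name: 'ok' | 'missing' | 'size mismatch' | 'date mismatch'}."""
    # Match names case-insensitively, as Windows file systems do.
    present = {f.lower(): f for f in os.listdir(directory)}
    report = {}
    for name, (size, date) in manifest.items():
        if name not in present:
            report[name] = "missing"
            continue
        st = os.stat(os.path.join(directory, present[name]))
        # Assumption: the manifest date is the file's modification date, UTC.
        stamp = datetime.fromtimestamp(st.st_mtime, timezone.utc)
        if st.st_size != size:
            report[name] = "size mismatch"
        elif stamp.strftime("%Y-%m-%d") != date:
            report[name] = "date mismatch"
        else:
            report[name] = "ok"
    return report

def patch_verified(report):
    """True only if every manifest entry is present and matches."""
    return bool(report) and all(s == "ok" for s in report.values())
```

A matching size and date shows that the expected files were replaced; it is not a cryptographic integrity check of their contents.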
