it was raised by Microsoft Gerry, I don't have the report but can request it, but long story short to do with the ability to dump variables, gain access to shares via the Network access account, view unattend.xml etc,
I ran this by the Product Group and they confirmed that it is classified as a security risk... so don't be surprised when the next RAP you are at points this out... where previously they did not. On Mon, Sep 22, 2014 at 9:00 PM, Gerry Hampson <[email protected]> wrote: > What's the supposed security risk Niall? > > > -------- Original message -------- > From: Niall Brady > Date:22/09/2014 19:18 (GMT+00:00) > To: [email protected] > Subject: [mssms] DCR pressing F8 in boot media to optionally prompt for > credentials (much like PXE password is optional) > > filed on connect, if anyone could vote it up that would be great, > bug number 974211 > > also, keep in mind that Risk and Health Assessment Program (*RAP*) is now > flagging cmd support in WinPE as a security risk and asking you to remove > it, > > so please, vote this up ! > cheers > niall. > > >
