Vulnerability Note VU#361065
The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used
Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility.
Microsoft's CONVERT.EXE program is used to convert FAT32 file systems to NTFS. There is an insecure directory permission vulnerability introduced when the CONVERT.EXE utility is used on Windows 2000 and Windows XP systems. It has been confirmed that OEM distributors of Microsoft Windows XP and Windows 2000 use this utility and subsequently ship some desktop and laptop machines with the insecure permissions. Laptops and desktops that ship with the OEM version of these operating systems may be vulnerable.
Microsoft's KB article Q237399 discusses this issue in relation to Windows 2000.
A local attacker may be able to execute arbitrary code with elevated privileges. This would require another user to log in to the system.
The CERT/CC is currently unaware of a practical solution to this problem.
Check the permissions set on system-critical directories such as C:\, C:\Documents and Settings\All Users, C:\Documents and Settings\All Users\Desktop, C:\Documents and Settings\All Users\Start Menu, and the System Restore directories.
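One way to run this check across saved `cacls` output, as an added example that is not part of the original note or any vendor's tooling: the script parses the ACL listing for each directory named above and flags entries where a broad group holds write-capable access. Which groups and rights count as insecure is an assumption (the note does not enumerate the entries), and the sample output is constructed.

```python
import re

# Directories the note names explicitly (no System Restore path is given on the page).
CRITICAL_DIRS = [
    "C:\\",
    "C:\\Documents and Settings\\All Users",
    "C:\\Documents and Settings\\All Users\\Desktop",
    "C:\\Documents and Settings\\All Users\\Start Menu",
]
# Assumption: these broad principals should not hold write-capable rights here.
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
WRITE_RIGHTS = {"F": "Full Control", "C": "Change", "W": "Write"}
# cacls ACE form: PRINCIPAL:(OI)(CI)F ; "special access" entries are not evaluated.
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")

def parse_cacls(path, output):
    """Return [(principal, flags, right)] parsed from `cacls "<path>"` output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        m = ACE_RE.match(line)
        if m:
            aces.append((m["who"], m["flags"], m["right"]))
    return aces

def find_weak_aces(path, output):
    """ACEs that give a broad group write-capable access to `path`."""
    return [(who, WRITE_RIGHTS[r]) for who, _flags, r in parse_cacls(path, output)
            if who.lower() in BROAD and r in WRITE_RIGHTS]

# Constructed sample outputs, not captured from a real system.
SAMPLE = {
    "C:\\": "C:\\ Everyone:(OI)(CI)F\n",
    "C:\\Documents and Settings\\All Users": (
        "C:\\Documents and Settings\\All Users BUILTIN\\Administrators:(OI)(CI)F\n"
        "                                    NT AUTHORITY\\SYSTEM:(OI)(CI)F\n"
        "                                    BUILTIN\\Users:(OI)(CI)R\n"
        "                                    Everyone:(OI)(CI)R\n"
    ),
}

def audit(outputs):
    return {p: find_weak_aces(p, outputs[p]) for p in CRITICAL_DIRS if p in outputs}

if __name__ == "__main__":
    for path, weak in audit(SAMPLE).items():
        print(path, "->", weak or "no broad write access found")
```

Feed it the text produced by running `cacls` against each listed directory on the machine being checked; any path reported with a flagged entry needs its ACL reviewed by hand.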
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Dell | Affected | 07 Oct 2002 | 19 Nov 2002 |
| Microsoft Corporation | Affected | 10 Oct 2002 | 18 Nov 2002 |
| Compaq Computer Corporation | Unknown | 18 Oct 2002 | 19 Nov 2002 |
| Hewlett-Packard Company | Unknown | 18 Oct 2002 | 19 Nov 2002 |
| IBM | Unknown | 18 Oct 2002 | 18 Nov 2002 |
| NEC Corporation | Unknown | 18 Oct 2002 | 18 Nov 2002 |
| Sony Corporation | Unknown | 18 Oct 2002 | 18 Nov 2002 |
| Toshiba International Corporation | Unknown | 18 Oct 2002 | 18 Nov 2002 |
Thanks to Douglas Swiggum for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2002-0034
- Date Public: 30 Oct 2002
- Date First Published: 19 Nov 2002
- Date Last Updated: 19 Nov 2002
- Severity Metric: 6.75
- Document Revision: 21