Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility.
Microsoft's CONVERT.EXE program is used to convert FAT32 file systems to NTFS. There is an insecure directory permission vulnerability introduced when the CONVERT.EXE utility is used on Windows 2000 and Windows XP systems. It has been confirmed that OEM distributors of Microsoft Windows XP and Windows 2000 use this utility and subsequently ship some desktop and laptop machines with the insecure permissions. Laptops and desktops that ship with the OEM version of these operating systems may be vulnerable.
Microsoft's KB article Q237399 discusses this issue with relation to Windows 2000.
A local attacker may be able to execute arbitrary code with elevated privileges. This would require another user to log in to the system.
The CERT/CC is currently unaware of a practical solution to this problem.
Check the permissions set on system critical directories such as C:\, C:\Documents and Settings\All Users, C:\Documents and Settings\All Users\Desktop, C:\Documents and Settings\All Users\Start Menu, and the System Restore directories.
Thanks to Douglas Swiggum for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2002-11-19|
|Date Last Updated:||2002-11-19 20:12 UTC|