OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: All Users startup folder left open if unattended install and OEMP reinstall=1
From: Frank Monroe (Frank.MonroeAMMOBILE.COM)
Date: Fri Apr 07 2000 - 16:38:20 CDT


About a month ago I posted the following to the win2ksecadvice list.
However, I received no response. I thought I'd try again since I consider
this problem to be pretty serious since it will allow any user to introduce
a code stream on another user.

I recently noticed a problem with Windows 2000 that makes it easy for one
user to introduce a trojan for the next user who logs on to the PC.
Normally, the All Users profile is denied write access by all but members of
the Administrators and SYSTEM groups. However, if you build your Windows
2000 system using an unattended answer file and you specify the
OEMPreinstall option, the installation process does not secure that
directory. It also does not secure the Default User directory or mark it
hidden.

The problem is easy to work around. You just correct the permissions.

----------------------------------------------------------------------------
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
Upgrade your server security to 128-bit SSL encryption!

Get VeriSign's FREE guide, "Securing Your Web Site
for Business." You will learn everything you need to
know about using 128-bit SSL to encrypt your e-commerce
transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n046607800008000
----------------------------------------------------------------------------