Windows Server 2008 R2 Thread, Massive HOLE!!! in Technical
  1. #1
    cpjitservices

    Massive HOLE!!!

    Hey Guys,

    As I found out today, there is a huge gaping hole in Server 2008 R2.

    MS have been informed about this hole on the 8th of this month - as yet they haven't released an update.

    So disable your RDP!
    Last edited by plexer; 20th July 2011 at 06:35 PM. Reason: sensitive

  2. #2


    Did your colleague discover + report this or has it been publicised on the net?

    I ask because if it's not been publicised I'd probably not want to make as much info available as you have, in case it provides enough info for someone to exploit it in the wild.

    If it's been publicised already then fair enough.

  3. #3


    Ah, seen a mod has already edited it. Ignore my last post.

  4. #4

    If we don't have the info, how can we properly secure it? No one's going to disable RDP just because of some guy on a forum.

  5. #5
    cpjitservices
    lol I was only being sarcastic anyway about disabling RDP - just thought I'd let you all know about my findings. As for MS knowing, all I know is it was submitted to them on the 8th.

  6. #6
    AWicher
    right, soooo. what?

  7. #7

    localzuk
    Originally posted by AWicher:
        right, soooo. what?

    Indeed. As it stands, what we get from this thread is that there is a threat to RDP on 2008 R2, but that we don't need to turn RDP off as you were joking.

    So, on a scale of 1-10, with 10 being 'oh my god, our servers are going to go on a rampage eating children' and 1 being 'nothing to see here', we are at around 2...

  8. #8


    Trusted colleagues feel free to PM me if you want the gist of what it said before it was edited.

  9. #9

    Gatt
    Sorry, but isn't this what the Security forum is for?

  10. #10
    cpjitservices
    Hi guys, sorry for being vague, been VERY busy. I don't know much about the hole to be honest, but it was a serious issue for me considering my admin accounts got disabled. I can't go into too much detail but it was done from RDP. PM me if you want to know more.

  11. #11
    cpjitservices
    Hi guys, a little more information which I found out today - the hole is in the Ease of Access feature at the logon screen. My colleague can manage to get the command prompt up from the Ease of Access, not sure how but he can, and from there he can run mmc and then, well, all you need to do is add/remove snap-ins and voilà!! You're in!!!

  12. Thanks to cpjitservices from:

    AWicher (27th July 2011)

  13. #12

    One of our kids found that weeks ago; luckily he owned up.

  14. #13
    mrbios
    So if perchance someone had replaced the Ease of Access file within system32 with a fake one that just pops up and says "ease of access has been disabled by your administrator", this security hole isn't a problem? If that's the case I should be OK.

    EDIT: can I have a PM with the details to test?

  15. #14


    The Ease of Access button can be made non-functional by using the following registry key...

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe]
    "Debugger"="%SystemRoot%\\System32\\Calc.exe"

    Calc.exe will not run at the logon screen, so nothing happens when the button is clicked.

  16. Thanks to Arthur from:

    FN-GM (31st July 2011)
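
An added example, not part of Arthur's post or any poster's code: a PowerShell audit that reports whether the Image File Execution Options `Debugger` value for utilman.exe matches what you deployed, and hashes the on-disk binary so it can be compared with a known-good server at the same patch level. The function name, its parameters and the expected-value list are assumptions for illustration.

```powershell
# Added example. Function name, parameters and the expected-value list are assumptions.
# Run from an elevated 64-bit PowerShell so the registry and System32 are not redirected.
function Get-IfeoDebuggerAudit {
    param(
        # Images to audit; utilman.exe is the Ease of Access launcher discussed in the thread.
        [string[]]$ImageName = @('utilman.exe'),
        # Debugger values you deployed on purpose (the value from the .reg file above).
        [string[]]$ExpectedDebugger = @('%SystemRoot%\System32\Calc.exe')
    )
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($name in $ImageName) {
        # Read the Debugger value if the per-image key exists.
        $debugger = $null
        $key = Join-Path $ifeo $name
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name Debugger -ErrorAction SilentlyContinue
            if ($prop) { $debugger = $prop.Debugger }
        }
        if (-not $debugger) { $status = 'NotSet' }
        elseif ($ExpectedDebugger -contains $debugger) { $status = 'Expected' }
        else { $status = 'Unexpected' }   # differs from what was deployed: investigate

        # Hash the on-disk binary; a replaced file will not match a known-good copy.
        $hash = 'FileMissing'
        $file = Join-Path $env:SystemRoot "System32\$name"
        if (Test-Path -LiteralPath $file) {
            $sha = [System.Security.Cryptography.SHA256]::Create()
            $stream = [System.IO.File]::OpenRead($file)
            try { $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
            finally { $stream.Close() }
        }
        # One result object per image, with a stable column order.
        New-Object PSObject -Property @{
            Image = $name; DebuggerStatus = $status; Debugger = $debugger; Sha256 = $hash
        } | Select-Object Image, DebuggerStatus, Debugger, Sha256
    }
}

Get-IfeoDebuggerAudit | Format-List
```
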

  17. #15

    FN-GM
    Is this also in the Windows 7 login screen?
