Hey Guys,
As I found out today there is a huge gaping hole in Server 2008 R2,
MS have been informed about this hole on the 8th of this month - as yet they haven't released an update.
So disable your RDP!
Last edited by plexer; 20th July 2011 at 06:35 PM. Reason: sensitive

Did your colleague discover + report this or has it been publicised on the net?
I ask because if it's not been publicised I'd probably not want to make as much info available as you have, in case it provides enough info for someone to exploit it in the wild.
If it's been publicised already then fair enough.

Ah, seen a mod has already edited it. Ignore my last post!
If we don't have the info, how can we properly secure it? No one's going to disable RDP just because of some guy on a forum.
lol I was only being sarcastic anyway about disabling RDP - just thought I'd let you all know about my findings. As for MS knowing, all I know is it was submitted to them on the 8th.
right, soooo. what?

Indeed. As it stands, what we get from this thread is that there is a threat to RDP on 2008 R2, but that we don't need to turn RDP off as you were joking.
So, on a scale of 1-10, with 10 being 'oh my god, our servers are going to go on a rampage eating children' and 1 being 'nothing to see here', we are at around 2...

Trusted colleagues feel free to PM me if you want the gist of what it said before it was edited.
Sorry, but isn't this what the Security forum is for?
Hi guys, sorry for being vague, been VERY busy. I don't know much about the hole to be honest, but it was a serious issue for me considering my admin accounts got disabled. I can't go into too much detail but it was done from RDP. PM me if you want to know more.
Hi guys, a little more information which I found out today - the hole is in the Ease of Access feature at the logon screen. My colleague can manage to get the command prompt up from the Ease of Access, not sure how but he can, and from there he can run mmc and then, well, all you need to do is add/remove snap-ins and voilà!! You're in!!!
AWicher (27th July 2011)
One of our kids found that weeks ago, luckily he owned up
So if perchance someone had replaced the Ease of Access file within system32 with a fake one that just pops up and says "ease of access has been disabled by your administrator", this security hole isn't a problem? If that's the case I should be OK.
EDIT: can I have a PM with the details to test?

The Ease of Access button can be made non-functional by using the following registry key...
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe]
"Debugger"="%SystemRoot%\\System32\\Calc.exe"

Calc.exe will not run at the logon screen, so nothing happens when the button is clicked.
FN-GM (31st July 2011)
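An added example, not part of any post in this thread: a small audit that reads a registry export and lists every Debugger value set under Image File Execution Options for logon-screen accessibility programs, so a deliberate entry like the utilman.exe one above can be told apart from one nobody on the team put there. The function names, the watch list beyond utilman.exe, and the sample export are assumptions constructed for the illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
# utilman.exe is the binary named in the thread; the other names are an
# assumption added here (further accessibility programs at the logon screen).
WATCHED = {"utilman.exe", "sethc.exe", "osk.exe", "magnify.exe", "narrator.exe"}

VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files write \ as \\ and " as \"
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, _unescape(m.group(1)), _unescape(m.group(2))

def audit_ifeo(reg_text, approved=()):
    """List Debugger values set on watched binaries; flag unapproved ones."""
    approved = {a.lower() for a in approved}
    findings = []
    for key, name, data in parse_reg(reg_text):
        parent, _, image = key.rpartition("\\")
        if (parent.lower() == IFEO.lower() and name.lower() == "debugger"
                and image.lower() in WATCHED):
            status = "approved" if data.lower() in approved else "REVIEW"
            findings.append((image.lower(), data, status))
    return findings

# Constructed sample export: the thread's utilman.exe entry plus a made-up one.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe]
"Debugger"="%SystemRoot%\\System32\\Calc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\Example\\placeholder.exe"
'''

if __name__ == "__main__":
    for row in audit_ifeo(SAMPLE, approved=[r"%SystemRoot%\System32\Calc.exe"]):
        print(row)
```

Files exported by regedit are normally UTF-16, so open them with encoding="utf-16" before passing the text in.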

Is this also in the Windows 7 login screen?