Threat Level: green Handler on Duty: Brad Duncan

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS Desktop Search add-on vulnerabilities - Trustworty Computing gone too far

Published: 2006-09-21
Last Updated: 2006-09-21 16:26:38 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
  So I'm checking the usual vulnerability announcement sources and once again the folks at NISCC have posted info on a beauty. Their NISCC Vulnerability Advisory 693564/NISCC/FOLDERSHARE - Security Implications of the FolderShare Program details huge vulnerabilities (https tunnel, EFS bypassing, and more) in FolderShare, an "add-in tool for Microsoft Desktop Search" which enables "remote access to files stored on Windows and Mac OS X based computers.".

MS's KB "Best practices and security issues to consider when you use FolderShare" is weak, it's only useful recommendation is;

"you can effectively block outgoing traffic to FolderShare. To permanently block the FolderShare satellite from running in a particular environment, block access to the following host name on port TCP/443:
redir1.foldershare.com ".

The folks at NISCC credit "Ben Rexworthy of Securinet UK and white-hats.co.uk for reporting these issues to NISCC".

Keywords:
0 comment(s)
Diary Archives