
SANS ISC: MS Desktop Search add-on vulnerabilities - Trustworthy Computing gone too far - SANS Internet Storm Center


MS Desktop Search add-on vulnerabilities - Trustworthy Computing gone too far
So I'm checking the usual vulnerability announcement sources, and once again the folks at NISCC have posted info on a beauty. Their NISCC Vulnerability Advisory 693564/NISCC/FOLDERSHARE - Security Implications of the FolderShare Program details huge vulnerabilities (HTTPS tunnel, EFS bypassing, and more) in FolderShare, an "add-in tool for Microsoft Desktop Search" which enables "remote access to files stored on Windows and Mac OS X based computers."

MS's KB "Best practices and security issues to consider when you use FolderShare" is weak; its only useful recommendation is:

"you can effectively block outgoing traffic to FolderShare. To permanently block the FolderShare satellite from running in a particular environment, block access to the following host name on port TCP/443:
redir1.foldershare.com".

The folks at NISCC credit "Ben Rexworthy of Securinet UK and white-hats.co.uk for reporting these issues to NISCC".

Patrick

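As an added example (not part of the original diary, the NISCC advisory or the Microsoft KB), this Python script checks web proxy logs for clients contacting the host named in the KB recommendation, which shows both whether the block is working and which machines are running FolderShare. It assumes a Squid-style native access log; the log lines and function names are constructed for illustration.

```python
"""Find internal clients contacting the FolderShare redirector through a proxy."""
from collections import defaultdict

# Host and port named in the Microsoft KB recommendation quoted above.
BLOCK_HOST = "redir1.foldershare.com"
BLOCK_PORT = 443

# Constructed sample lines in Squid native access.log format (assumption:
# fields are time, elapsed, client, result/status, bytes, method, URL, ...).
SAMPLE_LOG = """\
1134000001.101    250 10.1.2.15 TCP_MISS/200 3920 CONNECT redir1.foldershare.com:443 - DIRECT/192.0.2.10 -
1134000002.202     12 10.1.2.15 TCP_MISS/200 512 GET http://www.example.com/ - DIRECT/192.0.2.20 text/html
1134000003.303      3 10.1.2.77 TCP_DENIED/403 1400 CONNECT REDIR1.FolderShare.com.:443 - NONE/- text/html
1134000004.404    180 10.1.2.90 TCP_MISS/200 2048 CONNECT redir1.foldershare.com.example.net:443 - DIRECT/192.0.2.30 -
garbage line
"""

def connect_target(url):
    """Split a CONNECT 'host:port' target; return (host, port) or None."""
    host, sep, port = url.rpartition(":")
    if not sep or not port.isdigit():
        return None
    # Normalise case and a trailing root dot so the same host always matches.
    return host.lower().rstrip("."), int(port)

def foldershare_clients(log_text):
    """Map client IP -> {'allowed': n, 'denied': n} for the FolderShare host."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # malformed line or not an HTTPS tunnel request
        target = connect_target(fields[6])
        if target != (BLOCK_HOST, BLOCK_PORT):
            continue  # exact host match only; unrelated domains are ignored
        verdict = "denied" if fields[3].startswith("TCP_DENIED") else "allowed"
        hits[fields[2]][verdict] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, counts in sorted(foldershare_clients(SAMPLE_LOG).items()):
        print(client, counts)
```

Any client with a non-zero "allowed" count reached the host despite the intended block; clients with only "denied" entries have FolderShare installed but are being stopped at the proxy.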
