File and Printer Sharing Insecure in XP SP2

ProKras writes "German magazine PC-Welt has discovered a major security flaw in Windows XP SP2 when installing over SP1. The article says that 'with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.' The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common."

Article is confusing (due to translation?)

[doorbot.com]

If I'm understanding it correctly, using the "Subnet" scope for your dialup connections actually allows access from the entire Internet. The article seems to argue that this "bug" is due to Windows ignoring certain settings when it deals with dialup connections. It doesn't say if the firewall code is flawed (and thus not properly calculating the "subnet" scope), or if there is some other DUN code which is overriding the firewall settings.

Pure FUD. It's not even good FUD.

A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight.

How many were XP SP2? We all know that many misconfigured 95/98 systems exist. These systems have been probed for over half a decade. Nothing is new.

It must be assumed, that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.

Misleading statement. Windows XP does not allow accounts with no password to be used with File and Printer Sharing.

Due to the bug carried over from SP1 as well as a new bug, the firewall configuration with SP2 has a catastrophic effect. The SP2 installation simply uses the previous configuration of the firewall: If it was active for the dial-up connection, now it also has been activated for the network adapter. At the same time, an exception is determined for file and printer sharing: For the internal network card - and astonishingly also for all adapters.

The default configuration does have an exception for File and Printer Sharing. However, the exception only covers the user's private home network; the internet will not have access to F&P Sharing.

With the first use of the dial-up connection after installing SP2, all of your shared data are available on the Internet. Now, other users can start guessing your passwords for administrator and guest and you basically are no more secure than the first Windows 95 users with an Internet connection - thanks to Service Pack 2.

The sentence order is wrong. "All of your shared data" are not available on the internet. The password would first have to be guessed, which is resilient to attacks due to the lockout policy for entering too many invalid passwords.

After these measures, you can be sure to be as safe as you were with SP1. Great, don't you think?

It wasn't broken in the first place, idiot. This article is embarrassing for even the zealous MS basher.

Re:I'm shocked! Win 2000 also?

you can't see them, but they exist

Sure you can see them.

# smbclient -I [IP Address] -L //random_name
Password: [Enter]

It will list the computers name as:
Domain=[COMPUTERNAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

Then use:
# smbclient -I [IP] -L //COMPUTERNAME -U Administrator
Password: [Enter]

And it'll list all the shares including IPC$, C$, D$, etc.

Now just mount whatever you want. Or connect to a printer and use 'print <filename>' to print a file from your local drive on their printer. Use 'queue' to make sure it printed. It may be off or out of paper or whatever. Happy hunting. :)