Posted by Blair in Security
We’ve been talked about Microsoft’s new tool for remote installation named Windows Deployment Services (or WDS), and Alex told me today that there’s an important security issue in WDS.
The issue is: there’s a full access to the command line (CMD) and full access to the local hard disk (in 3 only minutes!), and that’s without any special authentication or specific requirements like username and password, or unique CD/DVD/Disk on key/other removable media.
Think only about the result of this security issue: user can connect to important data, copy confidential documents, “play” and change settings in the Registry Editor, etc.