![]() Windows 2019 Server acting as Domain Controller.There have to be domain users which will logon for the first time or will have the folder redirection policy applied for the first time.A standard local or domain user has be able to login on the file server configures with the folder redirection shares (rdp, WinRm, ssh,…).A Domain User Group Policy with “Folder Redirection” has to be configured.If “Folder Redirection” has been enabled via Group Policy and the redirected folders are hosted on a network share, it is possible for a standard user who has access on this file server to access other user’s folders and files (information disclosure) and eventually perform code execution and privilege escalation There is also an “important” update at the end. I completely forgot about this case until the last few days when I came across my report and then decided to publish my findings ( don’t expect nothing very sophisticated) The proposed solution was reconfiguring Folder Redirection with Offline files and restricting permission. They acknowledged it with CVE-2021-26887 even if they did not really fix the issue (“ folder redirection component interacts with the underlying NTFS file system has made this vulnerability particularly challenging to fix”). Two years ago (march 2020), I found this sort of “vulnerability” in Folder Redirection policy and reported it to MSRC.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |