| VID |
27090 |
| Severity |
30 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
If home directory privilege is not limited per user account, any users can access home directory of other users with malicious purpose. After accessing, They may damage system intentionally or not.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
[Windows Server 2003]
1. C:\Documents and Settings\User Home Directory> Properties> Securities
2. Remove Everyone privileges (except All Users, Default User directory)
[Windows Server 2008, 2012, 2016, 2019]
1. C:\user\<user account>
2. Remove common accounts except rights about this user. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
