Security Vulnerability: Odd Behavior in Windows XP Home

Thanks me101 for this email describing an odd security problem in the Home Edition of XP. The Guest account in Windows XP Home Edition and Windows XP Professional (when not joined to a domain) serves several special functions that relate to security and network shares. Thus, if you turn off the Guest account in the Control Panel (which removes the listing of the Guest account from the Fast User Switching Welcome screen), the Guest account will not actually be disabled. This would leave the host open to attack through the Guest account.

An unexpected behavior has been observed when configuring Windows XP Home Edition. It appears that disabling the Guest account (from the User Accounts tool) only removes the Log-On Local right. Guest users are still able to connect to shared resources across the network.

Microsoft Knowledge Base article Q300489 describes this behavior and states that it is by design.

This could lead to compromise of the host, since Guest users are able to access shared directories and store files there.

Workaround:

Change the password of the Guest account to one that is difficult to guess.
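
To confirm whether a machine is in the state described above, the account flags can be read from the output of `net user Guest` rather than from the Welcome screen. The following is an added example, not part of the original article or of Microsoft's guidance; it assumes the English-language field labels of `net user`, and the sample output and the finding names are constructed for illustration.

```python
import re

# Constructed sample: English-language `net user Guest` output on a machine
# where Guest was turned off in Control Panel (values are illustrative).
SAMPLE_NET_USER = """\
User name                    Guest
Full Name
Comment                      Built-in account for guest access to the computer/domain
Account active               Yes
Account expires              Never

Password last set            1/1/2002 12:00 PM
Password required            No
User may change password     No

The command completed successfully.
"""

def parse_net_user(text):
    """Split `net user <name>` output into a {label: value} dict."""
    fields = {}
    for line in text.splitlines():
        # Labels and values are separated by a run of two or more spaces;
        # lines without a value (e.g. an empty "Full Name") are skipped.
        m = re.match(r"^(\S.*?)\s{2,}(\S.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def guest_findings(text):
    """Return findings for the Guest exposure described in the article."""
    f = parse_net_user(text)
    if f.get("user name", "").lower() != "guest":
        return ["not Guest account output"]
    findings = []
    # Still active: network logon as Guest remains possible even though
    # the account no longer appears on the Welcome screen.
    if f.get("account active", "").lower() == "yes":
        findings.append("account-active")
    # The account is permitted to have a blank password.
    if f.get("password required", "").lower() == "no":
        findings.append("blank-password-allowed")
    return findings

if __name__ == "__main__":
    for item in guest_findings(SAMPLE_NET_USER):
        print("FINDING:", item)
```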

View: Microsoft Technet Article - A Description of the Guest Account

News source: Securiteam.com
