Spyware, Viruses, & Security forum

General discussion

Microsoft Security Advisory (906574)

by Donna Buenaventura / August 23, 2005 6:41 PM PDT
Microsoft Security Advisory (906574)
Clarification of Simple File Sharing and ForceGuest

Microsoft has issued this Security Advisory to clarify information of the issue addressed in Security Bulletin MS05-039 for non-default configurations of Windows XP Service Pack 1. This feature is known as "Simple File Sharing and ForceGuest." If you are using Windows XP Service Pack 2, enabling Simple File Sharing and ForceGuest does not increase your level of exposure to the MS05-039 security vulnerability. Also, customers that have applied the security update included with MS05-039 are not impacted by this issue. We recommend that customers continue to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing ant-virus software. Customers can learn more about these steps by visiting the Protect Your PC Web site.

If Simple File Sharing is enabled on a Microsoft Windows XP system that is not joined to a domain, then all users who access this system through the network are forced to use the Guest account. This is the "Network access: Sharing and security model for local accounts" security policy setting, and is also known as ForceGuest.

Windows XP mitigates several security vulnerabilities by preventing users who do not have a valid logon credential from accessing the system remotely. An example of this is the vulnerability that is addressed in Microsoft Security Bulletin MS05-039. However, when you enable Simple File Sharing, the Guest account is also enabled and given permission to access the system through the network. Because the Guest account is a valid account when it is enabled, and is given permission to access the system through the network, an attacker could use the Guest account as if they had a valid user account.

There is no known attack that is seeking to exploit this scenario. The Advisory is being issued as a special precaution. There is no change to the update in Security Bulletin MS05-039. Customers who have applied this update are protected in this scenario.

Suggested Actions
-Review the following Microsoft Web site.
-Windows XP Professional customers that cannot disable the Guest account should change the default password on the Guest account.
-Block TCP ports 139 and 445 at the firewall
-Follow the Protect Your PC guidance.
-Keep Windows updated.
Discussion is locked
You are posting a reply to: Microsoft Security Advisory (906574)
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Microsoft Security Advisory (906574)
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.