Admin Shares in Server 2003 are a security threat ?

  • 113 Views
  • Last Post 06 May 2016
syam posted this 05 May 2016

Good Evening Everyone!!

 

I had a doubt after we have done security auditing in our production environment. The report says few of the Windows Server 2003 servers are having admin shares in them and

They are marked as threats.

 

Do they really pose any threat to the network ? Or can we ignore them ? If it's a threat is there any work arounds available (I googled about all these doubts but I didn’t find any valid answers).

 

Thanks in advance,

Syam.

Order By: Standard | Newest | Votes
daemonr00t posted this 05 May 2016

Seen a that a few times... admin shares are required for certain functions so do you want to sacrifice that?


In my personal opinion there are many more serious things to worry about.


Anyway as in any related topic you have to weightt security against functionality.

Sent from Outlook Mobile


show

g4ugm posted this 05 May 2016

Well as Konfiker and several other bits of MalWare try to guess admin passwords, I would say these could be vulnerabilities… Dave 

show

gkirkpatrick posted this 05 May 2016

I haven’t thought through the details but does accessing an admin shared end up leaving hashes and/or tickets laying around on the

server?

 

-g

 

show

sbradcpa posted this 05 May 2016

The mere fact that Server 2003 is no longer updated is a security threat.


On 5/5/2016 8:47 AM, Gil Kirkpatrick (gilkirkpatrick.com) wrote:
>
> I haven’t thought through the details but does accessing an admin
> shared end up leaving hashes and/or tickets laying around on the server?
>
> -g
>
> From:ActiveDir-owner@xxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxx] On Behalf Of
> *daemonroot@xxxxxxxxxxxxxxxx
> *Sent:
Thursday, May 5, 2016 7:31 AM
> To: Kurt Buff
> Subject: Re: [ActiveDir] Admin Shares in Server 2003 are a security
> threat ?
>
> Seen a that a few times... admin shares are required for certain
> functions so do you want to sacrifice that?
> In my personal opinion there are many more serious things to worry about.
> Anyway as in any related topic you have to weightt security against
> functionality.
>
> Sent from Outlook Mobile
>
>
>

show

gkirkpatrick posted this 05 May 2016

Hah! Good point.

show

robertsingers posted this 05 May 2016

Any share is an attack surface.  All of them should have appropriate security controls in place.  Talking about admin shares just makes it look like the auditors understand what they're doing.


show

a-ko posted this 06 May 2016

It is an attack surface with a low risk. It has been long known that it's perfectly okay to hate things behind ACLs to act as the security barrier. Admin shares are no more risky than RDP allowing admins to connect. 




And a great many tools use admin$ to load software and perform installs



Get Outlook

show

g4ugm posted this 06 May 2016

In my experience many security auditors just run a tool which provides a standard report, and leave it up to you to evaluate the risks, controls and residual risk after applying the controls, and are totally in-capable of discussing specific vulnerabilities. I would also question which shares we are talking about here. There is the “admin$” . “ipc$” and “C$” shares without which lots of things don’t work, and the “x$” shares for any other drives, which may or may not be needed.  A bit of googling turned up this document (which I found it interesting) about this issue… https://support.microsoft.com/en-gb/kb/842715 I also echo what others say about Server/2003. It is not been patched for over a year. Because its un-supported Microsoft no longer comment on any security vulnerabilities found. DaveG4UGM   

show

kennedyjim posted this 06 May 2016

I would add that if you have the ability to access a admin share then you probably have local admin on that machine already. It’s already game over.

 

show

Close