=====================================================================
CERT-Renater Information Note No. 2010/VULN404
_____________________________________________________________________

DATE                 : 13/10/2010
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows Server 2008 running Windows Failover Cluster Manager.
======================================================================

KB2294255
http://www.microsoft.com/technet/security/bulletin/MS10-086.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-086 - Moderate
Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.

This security update is rated Moderate for all supported editions of Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Affected Software

Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

Vulnerability Information

Permissions on New Cluster Disks Vulnerability - CVE-2010-3223

A tampering vulnerability exists in the way the Failover Cluster Manager user interface handles permissions on shared cluster disks. This vulnerability exists because the Failover Cluster Manager uses unsecured default permissions when adding disks to a cluster.

When an administrator adds a disk to a shared cluster, the Failover Cluster Manager sets permissions on the shared cluster disk in a way that potentially provides unauthorized users (everyone) with read/write/delete access to the administrative shares on the failover cluster disk.
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44      +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41      +
+ 75013 Paris         | email: certsvp@renater.fr +
=========================================================
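As an added example (not part of the CERT-Renater note or of the Microsoft bulletin), the following PowerShell audit script lists access-control entries on cluster disk roots that grant write-capable rights to Everyone or similarly broad groups, which is the condition CVE-2010-3223 describes. It assumes it is run on the cluster node that currently owns the disks, and the volume roots 'E:\' and 'F:\' are an assumed sample input.

```powershell
# Added example, not code from the advisory or from Microsoft.
# Flags NTFS ACEs on cluster disk roots that give broad principals
# write-capable rights. Run on the node that owns the disks.

$BroadPrincipals = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
}

# Rights that let a holder create, change or remove data, or alter the ACL.
# Generic rights (GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000) appear as
# raw bit values in FileSystemRights, so they are OR-ed into the mask explicitly.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Test-ClusterDiskRootAcl {
    param([Parameter(Mandatory = $true)][string[]]$VolumeRoot)

    foreach ($root in $VolumeRoot) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Warning "Volume root not found (disk offline or owned by another node?): $root"
            continue
        }
        $acl = Get-Acl -LiteralPath $root
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # unresolvable account; cannot be one of the broad groups
            if (-not $BroadPrincipals.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }

            # New-Object PSObject keeps the script usable on PowerShell 2.0 (Server 2008 R2).
            New-Object PSObject -Property @{
                VolumeRoot = $root
                Principal  = $BroadPrincipals[$sid]
                Rights     = $ace.FileSystemRights
                Inherited  = $ace.IsInherited
                Finding    = 'Broad principal holds write-capable rights on cluster disk root'
            }
        }
    }
}

# Assumed sample input: drive letters of two cluster disks on the owning node.
$findings = Test-ClusterDiskRootAcl -VolumeRoot 'E:\', 'F:\'
if ($findings) { $findings | Format-Table VolumeRoot, Principal, Rights, Inherited -AutoSize }
else { 'No write-capable ACEs for Everyone/Authenticated Users/Users on the listed roots.' }
```

Any row reported for a disk added through Failover Cluster Manager on an unpatched node is a candidate for the condition the bulletin describes; an empty result on a patched node is the expected state.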