T 3.48 Incorrect configuration of Windows computers
Windows client and server operating systems are complex systems whose security is determined primarily by their parameter settings. Security risks therefore arise especially when components or groups of components are configured incorrectly, and the resulting problems range from malfunctions to the compromise of a Windows network.
- When migrating from Windows NT 4.0 to a newer Windows version, the access authorizations from Windows NT, which also grant normal users wide-ranging access to system files, are retained. This means the level of access security in migrated Windows systems is generally lower than on systems in which Windows is newly installed.
- If the NTLM authentication mechanism is configured insecurely, then it is possible to reconstruct user passwords by eavesdropping on the network traffic. This used to be a problem encountered especially on all old NTLM versions numbered 2.0 or lower, but in the meantime, Version 2.0 of the NTLM protocol has also been compromised.
- If EFS is configured incorrectly (for example by using local user accounts without an active password for the syskey program), then the EFS encryption can be bypassed by an attacker who has physical access to the computer.
- Incorrect configuration of removable storage access may give users write access to removable media such as a USB stick or a CD/DVD burner, which would allow them to copy information off the information system using these media.
In addition to the problems arising with the operating system configuration, there are also security problems resulting from the incorrect configuration of system services such as DNS, WINS, DHCP, RAS, or IPSec. If an attacker is able to attack these components successfully, then the system security of the entire network is endangered.
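The NTLM and removable storage items in the list above can be checked on a running system. The following read-only audit is an added example, not part of the original catalogue entry; the registry locations are the standard Windows policy locations for these settings (they are not named on this page), and the function names and finding texts are illustrative.

```powershell
# Added example: read-only check of the NTLM level and removable storage write policy.
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-WindowsConfigRisk {
    $findings = @()

    # LmCompatibilityLevel: 0-2 = LM/NTLMv1 responses are still sent,
    # 3-4 = NTLMv2 sent but older responses still accepted, 5 = NTLMv2 only.
    $level = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LmCompatibilityLevel'
    if ($null -eq $level) {
        $findings += [pscustomobject]@{ Setting = 'LmCompatibilityLevel'; Value = '(not set)'
            Risk = 'OS default applies; set the level explicitly by policy' }
    } elseif ($level -lt 3) {
        $findings += [pscustomobject]@{ Setting = 'LmCompatibilityLevel'; Value = $level
            Risk = 'LM/NTLMv1 responses are sent over the network' }
    } elseif ($level -lt 5) {
        $findings += [pscustomobject]@{ Setting = 'LmCompatibilityLevel'; Value = $level
            Risk = 'Older NTLM responses are still accepted from clients' }
    }

    # Removable storage: writing is blocked by Deny_All on the policy key
    # or by Deny_Write under the device class key.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    $classes = [ordered]@{
        'Removable disks (USB sticks)' = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
        'CD and DVD drives'            = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
    }
    $denyAll = Get-RegValue $policyKey 'Deny_All'
    foreach ($class in $classes.GetEnumerator()) {
        $denyWrite = Get-RegValue "$policyKey\$($class.Value)" 'Deny_Write'
        if ($denyAll -ne 1 -and $denyWrite -ne 1) {
            $findings += [pscustomobject]@{ Setting = "Write access: $($class.Key)"
                Value = 'allowed'; Risk = 'Users can copy data to this media type' }
        }
    }
    $findings
}

Test-WindowsConfigRisk | Format-Table -AutoSize -Wrap
```

An empty result means neither check found a weak setting; it says nothing about the EFS, migration or system service items, which need their own review.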