September 2006
NISCC Vulnerability Advisory 693564/NISCC/FOLDERSHARE - Security Implications of the FolderShare Program
ID: 00635
Ref: 608/2006
Date: 20 September 2006:14:05:14
Version: 1
NISCC Vulnerability Advisory 693564/NISCC/FOLDERSHARE
Security Implications of the FolderShare Program
Version Information
-------------------
Advisory Reference 693564/NISCC/FOLDERSHARE
Release Date 20 September 2006
Last Revision 20 September 2006
Version Number 1.0
Acknowledgement
---------------
These security issues were reported to NISCC by members of the white-hats.co.uk group.
What is affected?
-----------------
The FolderShare add-in tool for Microsoft Desktop Search.
Impact
------
If used improperly, the FolderShare add-in tool for Microsoft Desktop Search could
potentially lead to the unintentional disclosure of information.
Summary
-------
FolderShare is a free to use Microsoft application. As a product, FolderShare allows users to
select a folder on a machine and have it replicate that information to multiple remote machines.
It can allow remote access to files stored on Windows and Mac OS X based computers.
FolderShare eases the burden of remote working, allowing users access to their files from
anywhere in the world. It also provides a simpler solution to sharing large files with other
parties, enabling large files to be shared instantly without the need to send large files via
email, burn them to CDs/DVDs and mail them, or upload them to a website.
However, some security implications have been identified that can potentially lead to information
being unintentionally disclosed.
Microsoft is aware of these implications and has provided some best practices in the 'Solutions'
section of this advisory.
Details
-------
FolderShare allows users to create a private peer-to-peer network that will help them to
synchronize files across multiple devices and access or share files with colleagues and
friends.
However, three security implications with the program have been identified:
1. As the product runs over HTTPS, it is difficult to prevent its use in an environment. If a
user can install the software, then they can share all local drives across the Internet - or in
the opposite direction: users will have an encrypted tunnel through which to bring illicit
software down to a local computer without the system administrator's knowledge.
2. From a remote browser, a user can gain uninhibited access to every file on all computers
participating in the user's FolderShare network.
3. Because FolderShare accesses files in the user's security context, EFS encryption provides no
protection. Thus any files on EFS encrypted volumes can be accessed, seen and opened on remote
machines or web browsers by anyone participating in the user's FolderShare network.
Solution
--------
Microsoft has provided the following best practices for users concerned with the security
implications discussed above:
1. If an organization has egress filters enabled on its firewall, then outbound traffic to
FolderShare can be blocked. To permanently block the FolderShare Satellite from running in an
environment, system administrators can block access to:
redir1.foldershare.com A 216.166.75.8 on port TCP/443
2. Use ingress and egress filters on the firewalls, proxies, etc. to stop the inbound and
outbound connections. System administrators can also enforce software restriction policies via
Active Directory to block the FolderShare program from running. Lastly, as with any good security
practice, ensure that user education and the organisation's security policy are updated to
explicitly warn users that installing software such as this is against the policy of the organisation.
3. Use other security controls to deny egress of data from the workstations, on top of the
fact that the user must still first choose which folders they will share. If a user does not
understand the implications of explicitly sharing sensitive information, then the user
education or organisational security policy needs to be revisited so that awareness can be
raised.
Should you wish to obtain further information from Microsoft regarding the above discussed
security implications, then please view the Knowledge Base (KB) Article at
http://support.microsoft.com/kb/925077
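The first two best practices above rely on the FolderShare relay being reachable only through a
known destination (redir1.foldershare.com / 216.166.75.8 on TCP/443). Because the traffic itself is
HTTPS and cannot be inspected, the practical check is whether any workstation has actually been
allowed out to that destination, which tells an administrator where the egress filter is missing or
bypassed. The following script is an added example, not part of the NISCC advisory or of Microsoft's
guidance: it reviews firewall log lines for connections to the indicators quoted in the advisory. The
log format and the sample entries are constructed for this example, and all other destination addresses
in them are made up.

```python
"""Audit firewall logs for outbound connections to the FolderShare relay.

Added example, not from the NISCC advisory or Microsoft. The indicators
(redir1.foldershare.com, 216.166.75.8, TCP/443) are the ones quoted in the
advisory's Solution section; the log line format is a constructed
(hypothetical) one: "<date> <time> <src_ip> -> <dst>:<port> <proto> <action>".
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Indicators taken from the advisory text.
FOLDERSHARE_HOSTS = {"redir1.foldershare.com"}
FOLDERSHARE_IPS = {ipaddress.ip_address("216.166.75.8")}
FOLDERSHARE_PORT = 443

# Constructed log format for this example (not a real firewall's syntax).
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) "
    r"(?P<proto>\w+) (?P<action>\w+)$"
)

# Constructed sample log: two hosts were allowed out to the relay, one was
# denied, one reached the relay IP on a non-443 port (not FolderShare traffic
# as described), and one went to an unrelated destination.
SAMPLE_LOG = """\
2006-09-20 14:05:14 10.0.0.12 -> 216.166.75.8:443 TCP ALLOW
2006-09-20 14:05:20 10.0.0.12 -> 198.51.100.7:443 TCP ALLOW
2006-09-20 14:06:01 10.0.0.45 -> redir1.foldershare.com:443 TCP ALLOW
2006-09-20 14:06:30 10.0.0.45 -> 216.166.75.8:80 TCP ALLOW
2006-09-20 14:07:00 10.0.0.77 -> 216.166.75.8:443 TCP DENY
this line is not in the expected format and is skipped
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry: Dict[str, object] = m.groupdict()
    entry["port"] = int(m.group("port"))
    return entry


def is_foldershare_relay(dst: str, port: int, proto: str) -> bool:
    """True when dst/port/proto match the relay indicators from the advisory.

    The destination may be logged as a hostname (proxy-style) or as an IP
    (packet-filter style); both forms are checked.
    """
    if proto.upper() != "TCP" or port != FOLDERSHARE_PORT:
        return False
    if dst.lower() in FOLDERSHARE_HOSTS:
        return True
    try:
        return ipaddress.ip_address(dst) in FOLDERSHARE_IPS
    except ValueError:  # dst is a hostname that is not on the list
        return False


def find_foldershare_connections(log_text: str) -> List[Dict[str, object]]:
    """Return every parsed entry whose destination is the FolderShare relay."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if is_foldershare_relay(str(entry["dst"]), int(entry["port"]), str(entry["proto"])):
            hits.append(entry)
    return hits


def hosts_needing_attention(log_text: str) -> List[str]:
    """Source hosts that were ALLOWED out to the relay: on these machines the
    egress filter is not in place, so the software restriction policy and
    user-awareness steps from the advisory should be checked next."""
    allowed = {
        str(e["src"]) for e in find_foldershare_connections(log_text)
        if str(e["action"]).upper() == "ALLOW"
    }
    return sorted(allowed)


if __name__ == "__main__":
    for entry in find_foldershare_connections(SAMPLE_LOG):
        print(f'{entry["ts"]} {entry["src"]} -> {entry["dst"]}:{entry["port"]} {entry["action"]}')
    print("hosts reaching the FolderShare relay:", hosts_needing_attention(SAMPLE_LOG))
```

Run as-is it reports three relay connections in the constructed sample and lists 10.0.0.12 and 10.0.0.45
as hosts that were allowed through; 10.0.0.77 shows up as a hit but not as a host needing attention,
because the DENY line demonstrates the egress filter working. To use it against a real firewall or
proxy export, replace `LOG_RE` with an expression for that device's line format; the matching logic
does not depend on it.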
Vendor Information
------------------
The Microsoft Corporation is a multinational computer technology corporation and has offices
in over 100 countries. Headquartered in Redmond, Washington, USA, its most popular products
are the Microsoft Windows operating system and the Microsoft Office suite of productivity
software.
For more information about Microsoft, please visit http://www.microsoft.com/
Credits
-------
The NISCC Vulnerability Management Team would like to thank Ben Rexworthy of Securinet UK and
white-hats.co.uk for reporting these issues to NISCC and to Microsoft for their assistance in
outlining the solutions recommended to address them.
Contact Information
-------------------
The NISCC Vulnerability Management Team can be contacted as follows:
Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line
Telephone +44 (0)870 487 0748 Ext 4511
Monday - Friday 08:30 - 17:00
Fax +44 (0)870 487 0749
Post Vulnerability Management Team
NISCC
PO Box 832
London
SW1P 1BG
We encourage those who wish to communicate via email to make use of our PGP key. This is
available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.
Please note that UK government protectively marked material should not be sent to the email
address above.
If you wish to be added to our email distribution list please email your request to
uniras@niscc.gov.uk.
What is NISCC?
--------------
For further information regarding the UK National Infrastructure Security Co-ordination
Centre, please visit http://www.niscc.gov.uk.
Reference to any specific commercial product, process, or service by trade name, trademark,
manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or
favouring by NISCC. The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.
Neither shall NISCC accept responsibility for any errors or omissions contained within
this advisory. In particular, they shall not be liable for any loss or damage whatsoever,
arising from or in connection with the usage of information contained within this notice.
© 2006 Crown Copyright