New
#1
Non-Admin User remotely shuts down the Host system
Non-Admin User remotely shuts down the Host system
Description: Non-administrative users can remotely shut down a Windows XP Service Pack 3-based system by using the terminal service command TSShutdn.exe command from Win 7 system.
Environment:
Host: CPU- Pentium[R] D 2.80 GHz
Operating System- Windows XP with SP3
RAM- 1 GB
Client: CPU - Pentium[R] D 2.80 GHz
Operating System- Win 7
RAM- 1 GB
Repro Steps:
Configuration on Host PC:
- Goto Computer Management (My Computer->Manage).
- Create a local user (Non-Admin User)
- Add the local user to the “Remote Desktop Users Group”
- Log Off from the host system (XP SP3)
Remote Login through Client PC:
- Login to the host system remotely using the Host system local user credentials (Created in step 2)
- Goto command prompt type the terminal service command “tsshutdn.exe”.
- The system prompts “The system will shutdown in less than 60 sec”.
- The host PC is shutdown
Expected result: Local user (Non-Admin users) shouldn’t able to shut down the system remotely.
Actual Result: Local user (Non-Admin users) was able to shut down the system remotely.
Remarks:
The scenario is even true when the host is Win 7 and client is – XP with SP3