none
Security Exploit in Windows 10 Advance Sharing Settings RRS feed

  • Question

  • I've tried contacting Microsoft for the last three days about a security issue I think is worthy of their attention.

    This was their response:

    • Thank you for contacting the Microsoft Security Response Center (MSRC).  These types of support issues are not something that we can assist with directly.  This alias is used to report vulnerabilities for which you have full repro steps, proof of concept, and a method for using against a remote target.  You would need to work with support to figure out what the issue here is.  This may be a settings issue or something more.  If there is a vulnerability here, support will be able to help you file a vulnerability report.
    • As such, this email thread has been closed and will no longer be monitored. 

    That's just great.  Thanks Microsoft.

    So here's the problem.  My upstairs neighbor and I happen to share the same Wi-Fi signal. (And yes, it's totally legit.... it's just small town living at it's finest!). The other day, she was scanning something personal on her printer/scanner, and it inadvertently ended up on MY COMPUTER! 

    My computer is password protected. She does NOT have access to anything of mine. And I've never told her, nor would I ever tell anyone, my password.

    So the question is, how in the world did her private information end up on my computer screen?

    As it turns out, there is a setting in the Advanced Sharing Settings section that Turns On Automatic Setup of Network Connected Devices.  This option is automatically checked when sharing is first turned on. ( If you are reading this and share a Wi-Fi network with someone, you may want to turn that feature off!!)

    What this means is, any device connected to your Wi-Fi Network will immediately be setup and installed on your device if you have Windows 10 Home 1803!  (Not sure about other builds at this point).

    The problem is, how in the world was she "allowed" to send a scan of a private nature to my documents folder without a password?  Even if she messed up the procedure somehow, she shouldn't have access to my documents folders!

    This may not seem like a big deal, but imagine being on a shared network... say you're staying at a hotel, and you need to scan some private information... And the guy in room 310 has your information pop up on his screen by this same flaw! 

    I'm fairly confident this could be a huge problem.

    I've tried to explain this to Microsoft. Maybe I'm not explaining it properly? They want to blame some kind of a network setting or something.  But that lady should have NEVER been able to place a scan on my password protected computer under any circumstances whatsoever!

    I'm not looking for a solution to this, as much as I'm hoping that someone will read this and Microsoft will be alerted to it.

    Hopefully a moderator or forum guru has access to people that can take a look at this issue.

    Thanks for reading.


    Friday, June 15, 2018 4:13 PM

Answers

All replies

  • this is when you change your network profile from home/work to public.
    Friday, June 15, 2018 4:27 PM
  • the profile doesn't describe your location is describes the security applied and assumed in your environment.
    Friday, June 15, 2018 4:27 PM
  • I'd ask for help with setup over here.

    https://answers.microsoft.com/en-us/windows/forum/windows_10-networking

    https://answers.microsoft.com/en-us/windows/forum/windows_10-security

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, June 15, 2018 9:53 PM
    Moderator
  • Well, that didn't happen. It's been private the whole time.  But more to the point, how can anything from anyone else's scanner/computer end up on my computer when my computer is password protected?  I'm surprised no one is picking up on this.
    • Edited by Noble_6 Monday, July 2, 2018 2:48 PM
    Monday, July 2, 2018 2:45 PM
  • Well, it's as if you didn't even read my post.  How can someone else's scanner / computer have access to anything on my computer without my password?  Do you know how scanners work?  Have you ever tried to access a shared folder on another computer?  Do you realize you need, not only the other computer's name, but the password as well?

    How does someone scanning something end up popping up on my computer without my username or password in their scanner?

    Monday, July 2, 2018 2:48 PM
  • The profile is private. And it's certainly password protected. If you've ever tried to send a scan to a computer folder without that computers password, you know how frustrating that can be. Yet, without my username, or my password, their scan ended up on my computer.  Don't you think that's a problem?
    Monday, July 2, 2018 2:50 PM
  • Well, it's as if you didn't even read my post.  How can someone else's scanner / computer have access to anything on my computer without my password?  Do you know how scanners work?  Have you ever tried to access a shared folder on another computer?  Do you realize you need, not only the other computer's name, but the password as well?

    How does someone scanning something end up popping up on my computer without my username or password in their scanner?

    This is "where is" forum for direction on where best to ask question. I'd ask for more help in the forums I linked.

    https://answers.microsoft.com/en-us/windows/forum/windows_10-networking

    https://answers.microsoft.com/en-us/windows/forum/windows_10-security

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, July 2, 2018 2:52 PM
    Moderator