INTRODUCTION
We are aware of detailed information and tools that can be used to access files on removable devices. These tools can bypass NTFS file permissions on non-server distributions of Microsoft Windows. We are aware that this issue may affect internal disks, fixed disks that are marked as removable, and also external media such as USB, Firewire, E-SATA, SD, and other removable media. We are aware of situations in which disks on certain storage controllers may be marked as "removable" regardless of physical position inside or outside the computer case or the kind of connection that is used by the disk.
This issue does not affect the primary system volume (that is, the device from which Windows is currently running).
Systems that are affected in a default configuration are primarily at risk. For example, this includes systems multiple disks that are running Windows Vista, Windows 7 and Windows 8.
More Information
How to tell if your environment is affected
-
Open an elevated Command Prompt window. To do this, click Start, type CMD, right-click Cmd.exe, and then click Run as Administrator.
-
Type the following command at the elevated command prompt, and then press Enter:
Powershell
-
Type the following command at the Windows PowerShell prompt:
Get-WmiObject -Class Win32_DiskDrive | Format-Table Name,Model, MediaType
This script will return output that resembles the following:
|
Name |
Model |
MediaType |
|---|---|---|
|
\\.\PHYSICALDRIVE0 |
ST31000528AS |
Fixed hard disk media |
|
\\.\PHYSICALDRIVE3 |
WD Ext HDD 1021 USB device |
External hard disk media |
|
\\.\PHYSICALDRIVE4 |
Corsair Voyager 3.0 USB device |
Removable media |
If the MediaType that is returned is "Removable Media" or "External hard disk media," the configuration is affected by the issue that is documented in this article.
Resolution
We recommend that customers who want to preserve operating-system-level disk permissions for secondary disks that are marked as "removable" perform one of the following hardening steps:
-
Enable Microsoft Bitlocker (recommended).
-
Enable controls for read and write access to removable devices or media.
Enable controls for read and write access to removable devices or media
To enable controls for read and write access to removable devices or media, follow these steps:
-
Press the Windows key and R to open the Run menu.
-
Type MMC.exe, and then press Enter.
-
On the File menu, click Add-Remove Snap-in (CTRL+M), and then select Group Policy Object Editor. Click OK.
-
Click Browse, click the Users tab, and then double-click Non-Administrators.
-
Click Finish, and then click OK.
-
In the Navigation pane, expand Local Computer\Non-Administrators Policy, expand User Configuration, expand Administrative Templates, expand System, and then click Removable Storage Access.
-
Double-click All Removable Storage Classes: Deny All Access, and then click to select the Enabled option.
-
Click Apply, and then click OK.
If you cannot perform these hardening steps, we recommend that you not store sensitive information on affected disks or devices. For example, do not store personal or authentication information where different users share a workstation or any backups of the file system. For more information, contact the manufacturer of your disk controller hardware.
Automated Microsoft Fix It solutions are available to automatically configure systems to disallow read and write access to removable devices.
To have us fix this problem for you, go to the "Fix it for me" section.
Fix it for me
Fix it solutions for Windows 7 or Windows 8
To enable or disable this fixit solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
|
Enable |
Disable |
|---|---|
Fix it solutions for Windows Vista
To enable or disable this fixit solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
|
Enable |
Disable |
|---|---|
Notes
-
These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
-
If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD and then run it on the computer that has the problem.
FAQ
-
Why does Windows have different security policies for different kinds of storage media?
Windows supports many storage devices, from traditional fixed disks, such as hard disk drives and solid state drives, to removable disks, such as SD cards and USB thumb drives. Supporting many storage devices enables customers to use Windows for many scenarios together with the rich ecosystem of Windows-compatible hardware. This includes consumer devices such as cameras, cell phones, and so on. Windows provides an excellent end-to-end experience for all these scenarios and devices across all the different environments where Windows is deployed, from the home to the small business to the enterprise.
Designing Windows to support these different scenarios requires understanding the various requirements and priorities that are associated with each scenario. These include a range of considerations such as ease-of-use, security, manageability, and other features. Therefore, there are differences in how particular categories of storage devices are managed from a security perspective. This reflects many factors. These include the environment in which the device will be used (such as mainly in the home versus an enterprise environment) and whether the device will be used among different devices. These include devices that are not Windows-based. -
What caused this issue?
The primary difference in security policy is between traditional, fixed disks and removable disks.
By default, access to data that is stored on a traditional hard disk is restricted by system Access Control Lists (ACLs) to require elevated administrative permissions. This provides an appropriate level of security across different environments. This allows for both single-user systems and multiuser systems. In most PCs, the hard disk is where important data such as the operating system is located, and ACLs require elevated administrative credentials to access to this data. Windows provides different manageability tools to enable this policy to be controlled in a more detailed manner, if it is necessary. This includes Bitlocker, Group Policy, and additional ACLs. On hard disks, nonadministrative users cannot run volume-level tools, such as format, or have direct block-level access to the contents of the file system.
Removable media, in contrast, is basically designed to be transported among different devices. These include consumer electronics devices and devices that are not Windows-based, such as cameras and cell phones. By default, access to data that is stored on removable media does not require elevated administrative permissions. These devices are typically associated with consumer electronic devices. You must make sure that the data on these devices easy to access and easily manageable. For example, if the file system on a removable device becomes corrupted, any user can run chkdsk and try to repair the corruption. In environments in which additional security is a priority, customers can implement additional controls that prevent access to removable media or require that all removable media be encrypted. This limits the use of removable media as part of security requirements. -
How do I determine whether my configuration is vulnerable?
Users can determine whether they have removable devices in their environment by using the "Safely Remove Hardware" quick access icon in the desktop notification area. If a device is listed in this menu, it means that it is marked as "removable."
Users can also access a list of removable devices in Control Panel. For example, open All Control Panel Items, open Device and Printers, and then click the Devices tab.
See the "How to tell if your environment is affected" section for more information about how to use Windows PowerShell to determine whether your configuration is vulnerable. -
Which Windows operating systems are affected in default configurations?
Windows Vista, Windows 7, and Windows 8 are affected in default configurations. -
What are the potential risks of enforcing read and write access to removable media through Group Policy?
Restricting access to the removable storage devices through Group Policy may cause certain applications to start failing or require elevated permissions. For example, your backup software may not perform a backup to or from the removable devices. Similarly, any check disk (chkdsk) or format disk kind of activity will require administrative permissions. This potentially causes disk-management and manipulation software to fail in restricted run mode. -
What are the potential risks of Bitlocker?
Bitlocker is the recommended solution to data security with removable devices. Using Bitlocker will cause a small decrease in performance when it is encrypting and decrypting data. -
What might an attacker use the vulnerability to do?
An attacker with nonadministrative access could read or write to a disk regardless of whether he or she is a local administrator. An attacker would have arbitrary read and write access to the device and file system. This could lead to targeted information disclosure.
Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
-
George Georgiev Valkov for working with us on this issue.
