|MS10-086||Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)||Windows Server||Critical||13-10-2010|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability.
Detailed Information on the risk:
A tampering vulnerability exists in the way the Failover Cluster Manager user interface handles permissions on shared cluster disks. This vulnerability exists because the Failover Cluster Manager uses unsecured default permissions when adding disks to a cluster. When an administrator adds a disk to a shared cluster, the Failover Cluster Manager sets permissions on the shared cluster disk in a way that potentially provides unauthorized users (everyone) with read/write/delete access to the administrative shares on the failover cluster disk.
Further information on this exploit is available at : MS10-086
Affected SoftwareWindows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for x64-based Systems*