Security Issues Pertaining to Duplicate GUIDs

SMS clients are uniquely identified by globally unique identifiers (GUIDs). The GUID identifies a computer to a variety of SMS processes, and duplicate GUIDs can cause those processes to fail. In most cases, GUID duplication occurs unintentionally, but in some scenarios an attacker could intentionally duplicate a GUID to perpetrate an attack. When a computer has a duplicate GUID, it could run advertisements not intended for it: by creating a duplicate GUID, an attacker could run a restricted software package destined for another computer. To help reduce the risk from a duplicate GUID attack, assign NTFS permissions for packages only to authorized users of the package. In SMS 2003 (with no service pack), an attacker could create a duplicate GUID and upload inventory, status messages, or software metering data as though it were a different SMS client. In SMS 2003 SP1, you can require client computers to sign their inventory data, so that the management point rejects the unsigned inventory sent by the attacking computer.

SMS deployments are supported only in an intranet environment; therefore, attacks in which an attacker modifies the content of status messages, software metering data, or inventory in SMS 2003 (with no service pack) are extremely unlikely. SMS also reduces the probability of attacks against inventory because new inventory is collected on a schedule, so an attacker would have to continuously supply invalid inventory data to be successful. Duplicate GUIDs do not allow elevation of privilege on either the SMS server or the client, nor do they allow the disclosure of confidential or personal information.