Summary
When configuring a boot image for preboot execution environment (PXE) booting in SCCM, there is a setting named “Enable command support (testing only).” With this setting enabled, any user who PXE boots into the WinPE environment can press F8 to launch a command prompt, which gives them more control over the WinPE deployment. Attackers who attempt to PXE boot from the network can abuse this.
As the setting text implies, this setting should only be used for testing and debugging the boot image. It should be disabled before the boot image is used in production.
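One way to check for this setting across a site, as an added example that is not part of the original page: the script below lists boot images with command support enabled and can turn it off. It assumes a ConfigMgr PowerShell session (ConfigurationManager module loaded, current location set to the site drive); the function names are hypothetical.

```powershell
# Added example (not from the original page). Assumes the ConfigurationManager
# module is loaded and the current location is the site drive (PS <SiteCode>:\>).

function Get-CommandSupportBootImage {
    # Returns boot images with "Enable command support (testing only)" turned on.
    # EnableLabShell is the SMS_BootImagePackage property behind that checkbox.
    param(
        # Defaults to every boot image in the site; pass objects to test offline.
        [object[]]$BootImage = @(Get-CMBootImage)
    )
    $BootImage |
        Where-Object { $_.EnableLabShell } |
        Select-Object Name, PackageID, EnableLabShell
}

function Disable-CommandSupport {
    # Turns the setting off for one boot image and refreshes its content.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$PackageID
    )
    process {
        if ($PSCmdlet.ShouldProcess($PackageID, 'Disable command support')) {
            Set-CMBootImage -Id $PackageID -EnableCommandSupport $false
            # Assumption: distribution points keep serving the previous image
            # until the boot image content is updated on them.
            Update-CMDistributionPoint -BootImageId $PackageID
        }
    }
}

# Report first; review the list before changing anything.
$flagged = @(Get-CommandSupportBootImage)
if ($flagged.Count -eq 0) {
    Write-Output 'No boot images have command support enabled.'
} else {
    $flagged | Format-Table -AutoSize
    # -WhatIf only prints what would change. Remove it to apply the fix.
    $flagged | Disable-CommandSupport -WhatIf
}
```

Images that are still needed for debugging can be left out of the pipeline passed to `Disable-CommandSupport`, as long as they are not the ones offered to PXE clients in production.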
Linked Defensive IDs
Associated Offensive IDs