Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
OffloadModExpo Registry Permissions Vulnerability
On a shared computer, it may be possible for a malicious user to interactively log on to the computer and compromise the security of the cryptographic keys of other users who subsequently log on to the same computer.
Issue
This vulnerability involves a registry key used by the CryptoAPI Base CSPs to specify the driver DLL for a hardware accelerator. By design, such a DLL would have access to users' public and private keys. Although only administrators should have permission to add such a DLL, the permissions on the key actually would allow any user who could interactively log onto the machine to do so. By writing a bogus DLL and installing it, a malicious user could compromise the keys of other users who subsequently used the machine.
The machines primarily at risk would be workstations and terminal servers. If normal security recommendations are followed, normal users will not be allowed to interactively log onto domain controllers, web servers, database servers, ERP servers, and other security-critical machines. Windows NT auditing could be used to determine who changed the key's value.
Affected Products
- Windows NT Server, Enterprise, Terminal Server and Workstation 4.0
Download
Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20330
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: April 12, 2000
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
