Registry Permissions Vulnerability

Microsoft has released a tool that installs tighter permissions on three sets of registry values in Windows NT 4.0. The default permissions could allow a malicious user to gain additional privileges on an affected machine.

Issue

This vulnerability involves three sets of registry keys whose default permissions are too permissive. These permissions could allow a malicious user who could interactively log onto a target machine (or,in one case, access an affected machine from the network) to:

• Cause code to run in a local system context.
• Cause code to run the next time another user logged onto the same machine.
• Disable the security protection for a previously-reported vulnerability.

These three key sets are not related to each other except by the fact that their permissions should be tightened. A tool is available that will reset all of the affected keys to the correct default value.

Affected Products

• Windows NT Server, Enterprise, Terminal Server and Workstation 4.0

Download

Patch: http://www.microsoft.com/downloads/release.asp?ReleaseID=20330

Further Details

Source: Microsoft Corporation

Updated: April 14, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<