Version: 2008
  • On CBS MoneyWatch: Why Debit Cards Are Dangerous
advertisementGo to Windows 7 Insider Guide
advertisement

Microsoft Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions 1.0

  • Quick specs
  • Price: Update
  • Operating system: Windows 2000
  • Date added: February 06, 2002
  • Total Downloads: 9
  • Downloads last week: 1
  • See full specifications
Add to my list Add to my Watch List
Download Now (5.34MB)
Tested spyware free

Publisher's description

From Microsoft :

The Microsoft Exchange System Attendant is one of the core services in Microsoft Exchange. It performs a variety of functions related to the on-going maintenance of the Exchange system. To allow remote administration of an Exchange Server using the Exchange System Manager Microsoft Management Console (MMC) snap in, the System Attendant makes changes to the permissions on the Windows Registry to allow Exchange Administrators to remotely update configuration settings stored in the Registry.

There is a flaw in how the System Attendant makes these Registry configuration changes. This flaw could allow an unprivileged user to remotely access configuration information on the server. Specifically, this flaw inappropriately gives the "Everyone" group privileges to the WinReg key. This key controls the ability of users and groups to remotely connect to the Registry. By default, only Administrators are given the ability to remotely connect to the Registry, by granting permissions on this key.

The flaw does not grant any abilities beyond the ability to connect remotely. However, an attacker?s ability to make changes to the Registry once they have successfully connected would be dictated by the permissions on the specific keys within the Registry itself. Thus, while this vulnerability does not itself give an attacker the ability to change Registry settings, it could be used in conjunction with inappropriately permissive registry settings to gain access to, and make changes to a systems Registry.

Search Server Express
Quick, easy, and powerful search... now available for Free
Download Now

More popular Maintenance & Optimization downloads

  1. 17,039 downloads 1. TuneUp Utilities 2010
  2. 4,494 downloads 2. DriverAgent
  3. 4,070 downloads 3. TweakNow RegCleaner
  4. 3,841 downloads 4. TweakNow PowerPack 2009
  5. 2,052 downloads 5. ATF Cleaner
  6. See all Maintenance & Optimization downloads
BounceBack Ultimate
Continuous Data Protection.
Download Now

User reviews

Write your own review Be the first one to review Microsoft Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions 1.0 and share your experience with the CNET community!

Submit your review

Log in or create an account to submit your review for:

Microsoft Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions 1.0

 ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft Exchange Server,
flaw,
key,
management console,
permission

advertisement
Click Here
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET