Used Microsoft Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions for Windows? Share your experience and help other users.
Developer’s Description
There is a flaw in how the System Attendant makes these Registry configuration changes. This flaw could allow an unprivileged user to remotely access configuration information on the server. Specifically, this flaw inappropriately gives the "Everyone" group privileges to the WinReg key. This key controls the ability of users and groups to remotely connect to the Registry. By default, only Administrators are given the ability to remotely connect to the Registry, by granting permissions on this key.
The flaw does not grant any abilities beyond the ability to connect remotely. However, an attacker�????�???�??�?�¢??s ability to make changes to the Registry once they have successfully connected would be dictated by the permissions on the specific keys within the Registry itself. Thus, while this vulnerability does not itself give an attacker the ability to change Registry settings, it could be used in conjunction with inappropriately permissive registry settings to gain access to, and make changes to a systems Registry.
Used Microsoft Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions for Windows? Share your experience and help other users.
Explore More
Network: nVidia nForce Networking Contr... Driver Version: A02
FreeITE IT8212 ATA RAID Controller
FreeU.S. Robotics V.92 Fax Host Int
Free
DG-1 Data Grabber
Freesp30853.exe
FreeBrother MFC-840
FreeScanwiz_pro_601a.exe
FreeThe PC Multi-Tool
Trial versionKismet
Paid
TweakRAM
Trial versionSmart Array P600 Controller
FreeSmart Array P600 Controller
Free
