[Am-info] Exchange 2000 enables remote registry access
Fred A. Miller
fm@cupserv.org
Fri, 15 Feb 2002 16:16:41 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Exchange 2000 enables remote registry access
Microsoft released MS02-00 ("Exchange 2000 enables remote registry
access"). The Exchange 2000 System Attendant incorrectly gives
'Everyone' access to the Winreg registry key, which would allow a
remote attacker to access the registry via SMB/NetBIOS. Exploitation
depends on the permissions of the various subkeys.
FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS02-003.asp
Source: Microsoft
http://archives.neohapsis.com/archives/vendor/2002-q1/0023.html
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8bXq5IhTtc6nTZIIRAms9AJ4uqBqg5WbX0SNsYnJGB2HMjJF8sgCgouEi
l548x0PLhINrs69lYKMCqqM=
=MrwK
-----END PGP SIGNATURE-----