February 8th, 2002, 03:19 PM
m$ 2k exchange remote registry access
AN EMERGING ISSUE WITH:
MICROSOFT EXCHANGE 2000 REMOTE REGISTRY ACCESS
February 7, 2002
In Windows, the registry is a vital repository of configuration
settings for the Windows Operating System and its applications. This
one location stores settings for the operating system, various
applications, and individual users. For example, registry settings are
what tell a Windows machine which applications should start
automatically when a given user logs in. Each setting in the registry
is called a registry key.
Microsoft Exchange 2000 includes a service called Microsoft Exchange
System Attendant, which performs a variety of maintenance-related
functions. For instance, this service can change a WinReg registry key
so that an administrator who is not on the premises with the Exchange
server can access it from another location, and make changes remotely.
Unfortunately, the System Attendant is too permissive with its change
and allows the "Everyone" group remote access to the registry. The
"Everyone" group allows any user access, without requiring
authentication such as a user ID or password. This could allow hackers
to view your registry settings, providing a huge assist in the
information-gathering stage of an attack by revealing information such
as the exact version of your operating system, what applications are
on your server, user names, and more. According to Microsoft's
advisory, if the software on your server has installed some registry
keys with inappropriate permissions, the hacker might also be able to
modify those keys.
Download and install the Microsoft Exchange Server 2000 patch
<http://www.microsoft.com/downloads/release.asp?ReleaseID=35462> as soon as
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
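An administrator's check for the condition the advisory above describes, added here as an example and not taken from the post or from Microsoft's advisory: it reads the ACL on the key that gates remote registry access and reports any Allow entry for the "Everyone" group. The key path is an assumption (the standard Windows location of the WinReg key, which the post does not spell out), and the function name is hypothetical.

```powershell
# Added example: audit the ACL on the key that gates remote registry access.
# Assumption: the "WinReg registry key" in the advisory is the standard
# Windows location below; the post itself does not give the path.
$winregPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$everyoneSid = 'S-1-1-0'   # well-known SID of the Everyone group

# Hypothetical helper name, used only in this example.
function Get-EveryoneWinregAccess {
    param([string]$Path = $winregPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        # No winreg key means there is no ACL here to evaluate.
        Write-Warning "Key not found: $Path"
        return @()
    }

    $acl = Get-Acl -LiteralPath $Path
    # Ask for identities as SIDs so the match also works on localized
    # systems where the group is not literally named "Everyone".
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    $rules | Where-Object {
        $_.IdentityReference.Value -eq $everyoneSid -and
        $_.AccessControlType -eq
            [System.Security.AccessControl.AccessControlType]::Allow
    } | ForEach-Object {
        [pscustomobject]@{
            Path      = $Path
            Rights    = $_.RegistryRights   # e.g. ReadKey or FullControl
            Inherited = $_.IsInherited
        }
    }
}

$findings = @(Get-EveryoneWinregAccess)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Output 'FINDING: Everyone has an Allow entry on the winreg key.'
} else {
    Write-Output 'OK: no Allow entry for Everyone on the winreg key.'
}
```

Because the advisory says the System Attendant makes the change itself, rerun the check after the service restarts as well as after patching.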
February 8th, 2002, 06:20 PM
Wow. Now how exactly do you overlook something like that?
Really. Don't they have a quality assurance group?
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
February 8th, 2002, 06:23 PM
good post zigar. part of ours is still 5.5, part 2000.