Results 1 to 3 of 3

Thread: m$ 2k exchange remote registry access

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Exclamation m$ 2k exchange remote registry access

    AN EMERGING ISSUE WITH:
    MICROSOFT EXCHANGE 2000 REMOTE REGISTRY ACCESS

    SEVERITY:
    Medium

    DATE:
    February 7, 2002

    EXPOSURE:

    In Windows, the registry is a vital repository of configuration
    settings for the Windows Operating System and its applications. This
    one location stores settings for the operating system, various
    applications, and individual users. For example, registry settings are
    what tell a Windows machine which applications should start
    automatically when a given user logs in. Each setting in the registry
    is called a registry key.


    Microsoft Exchange 2000 includes a service called Microsoft Exchange
    System Attendant, which performs a variety of maintenance-related
    functions. For instance, this service can change a WinReg registry key
    so that an administrator who is not on the premises with the Exchange
    server can access it from another location, and make changes remotely.


    Unfortunately, the System Attendant is too permissive with its change
    and allows the "Everyone" group remote access to the registry. The
    "Everyone" group allows any user access, without requiring
    authentication such as a user ID or password. This could allow hackers
    to view your registry settings, providing a huge assist in the
    information-gathering stage of an attack by revealing information such
    as the exact version of your operating system, what applications are
    on your server, user names, and more. According to Microsoft's
    advisory, if the software on your server has installed some registry
    keys with inappropriate permissions, the hacker might also be able to
    modify those keys.



    SOLUTION PATH:


    Download and install the Microsoft Exchange Server 2000 patch <http:
    //www.microsoft.com/downloads/release.asp?ReleaseID=35462> as soon as
    is practical.
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Wow. Now how exactly do you overlook something like that?

    Really. Don't they have a quality assurance group?
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    good post zigar. part of ours is still 5.5, part 2000.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •