Results 1 to 5 of 5

Thread: Vulnerability:Microsoft Exchange Inappropriate Registry Permissions

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Vulnerability:Microsoft Exchange Inappropriate Registry Permissions

    Microsoft Exchange Inappropriate Registry Permissions Vulnerability


    A flaw has been reported in the Microsoft Exchange System Attendant, which could allow unprivileged users access to the WinReg key.
    The WinReg key controls users and groups ability to connect remotely to the registry.


    The System Attendant must ensure the that the Microsoft Exchange System Manager can remotely connect, in doing so, the System Attendant adds the 'Everyone' group to the WinReg key.

    Exploit: No exploit code required.

    Remote: Yes

    Solution: Microsoft has released a patch which addresses this issue:
    http://download.microsoft.com/downlo...tserver/Patch/ 06.00.21.5770/NT5/EN-US/Q316056engi386.EXE

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    206
    No way! Not another vulnerability found!

    I can't believe this, maybe we should ask JP to open up another forum

    specifically for vulnerabilities found in M$ products.

    There must be loads floating around the AO site by now!




  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    There must twenty a day. Imagine if you could make money off them all.
    Trappedagainbyperfectlogic.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    882

    Re: Vulnerability:Microsoft Exchange Inappropriate Registry Permissions

    Originally posted by s0nIc
    Microsoft Exchange Inappropriate Registry Permissions Vulnerability

    Exploit: No exploit code required.

    Remote: Yes
    This is the part that alarms me. NO expliot code required. You think the idiots at MS would at the least make their screwups a little hadder to break into. O well this just adds more greese to the open source wheel.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    lmao scares me too.. and so as the fact that it can be done REMOTELY without an exploit...
    Bill! give your products some dignity ol boy! lolz

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •