VID 28007
Severity 40
Port 139
Protocol TCP
Class SMB
Detailed Description The 'HKEY_LOCAL_MACHINE' registry key was found to allow write access by non-administrator users. This key should never be writable by these users under any circumstance; write access indicates that the system may have been tampered with.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://cgi.nessus.org/plugins/dump.php3?id=10427
http://www.iss.net/security_center/static/24.php

* Platforms Affected:
Microsoft Windows (any version)
Recommendation Restrict registry access or reset permissions (or both).

To set registry permissions:

1. Open Registry Editor. From the Windows NT Start Menu, select 'Run', type 'regedt32', and click 'OK'.
2. Go to HKEY_LOCAL_MACHINE.
3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
4. Restrict access to all or set permissions to allow access to approved Administrators and SYSTEM groups only.
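
To confirm the result of the steps above from a script, the following added example (not part of the original advisory or of any scanner's code) lists the access entries on HKEY_LOCAL_MACHINE that grant write-type rights to anyone other than SYSTEM or Administrators. It assumes a local PowerShell session on the host rather than the remote check over port 139; the function name `Get-NonAdminWriteAce` and the approved-SID list are choices made for this example.

```powershell
# Added example: audit the HKEY_LOCAL_MACHINE root key for write access
# granted to principals other than SYSTEM and the Administrators group.

# Approved principals, by well-known SID (assumption based on the recommendation)
$approvedSids = 'S-1-5-18',      # NT AUTHORITY\SYSTEM
                'S-1-5-32-544'   # BUILTIN\Administrators

# Rights that allow changing the key, its values, its subkeys or its ACL
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
# Also match GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000),
# which can appear unmapped in inherit-only entries
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

function Get-NonAdminWriteAce {
    param(
        [Microsoft.Win32.RegistryKey]$Key = [Microsoft.Win32.Registry]::LocalMachine
    )
    $sections = [System.Security.AccessControl.AccessControlSections]::Access
    $acl   = $Key.GetAccessControl($sections)
    # Request SIDs so the comparison does not depend on localized account names
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($approvedSids -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }

        # Resolve the SID to a name for the report; keep going if it cannot be resolved
        $name = '(unresolved)'
        try {
            $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { }

        [pscustomobject]@{
            Sid         = $rule.IdentityReference.Value
            Account     = $name
            Rights      = $rule.RegistryRights
            Inherited   = $rule.IsInherited
            Propagation = $rule.PropagationFlags   # InheritOnly entries do not apply to this key itself
        }
    }
}

$findings = @(Get-NonAdminWriteAce)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No write access for non-administrator principals on HKEY_LOCAL_MACHINE.'
}
```

Any row in the output is an entry to remove or tighten in the Permissions dialog from step 3.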
Related URL CVE-1999-0580 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)