| VID |
28059 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The 'Winreg' registry key is not exist in the registry on the Windows system. The location of the Winreg registry key is SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg. This key controls remote access to the registry. If this key is not exist, remote access to the registry is not controlled. Otherwise, if this key is detected and Windows NT 4.0 Service Pack 3 or later has not been applied, then anyone can remotely connect to the registry and write registry keys. If the Everyone group is not allowed access, NULL session access to the registry can be prevented.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Windows NT Any version
Windows 2000 Any version |
| Recommendation |
Apply the latest Windows NT 4.0 Service Pack (SP6a or better) that can be gained from the Windows NT Service Pack web page in the following website:
http://support.microsoft.com/support/ntserver/Content/ServicePacks/
-- Also --
Check access on the Winreg key at the registry of Windows NT :
1. Open registry editor. Select execute at the Windows NT Start menu and type regedt32. And click OK.
2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg
3. Select Access to pop up the Registry Key Access dialog box at the Security menu.
4. Remove or change all access such as ¡°Everyone- All Authority¡±. Also, check all user names having ¡°All Authority¡± access and examine whether the access is appropriate. |
| Related URL |
CVE-1999-0562 (CVE) |
| Related URL |
6830 (SecurityFocus) |
| Related URL |
152 (ISS) |
|
