VID 28345
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The registry of the remote host is accessed through a null session. It does not allow remote registry access. Many registry keys grant access to the Everyone group, so anonymous users can read and/or set such keys and their values. A number of registry keys are relevant to security and must be configured with care. If an unauthorized user were able to remotely edit the registry, the user might modify registry keys in an attempt to gain elevated privileges.
Restricting remote registry access is accomplished by setting security permissions on the HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg key. If the Everyone group is denied access, null session access to the registry can be prevented.

* References:
http://support.microsoft.com/?id=153183

* Platforms Affected:
Microsoft Windows NT Any version
Microsoft Windows 2000 Any version
Microsoft Windows XP Any version
Recommendation For Windows NT 4.0, apply the latest Windows NT 4.0 Service Pack (SP4 or later), available from the Windows NT Service Packs Web page at http://support.microsoft.com/support/ntserver/Content/ServicePacks/

The default permissions do not restrict remote access to the registry. Only administrators should have remote access to the registry, because the Windows 2000 registry editing tools support remote access by default.

To restrict network access to the registry:
1) Open Registry Editor. From the Windows Start menu, select Run, type regedt32, and click OK.
2) Select the HKEY_LOCAL_MACHINE window.
3) Go to the \SYSTEM\CurrentControlSet\Control\SecurePipeServers registry key.
4) If the winreg key is not present, create a key named "winreg" (no quotes).
5) Select winreg, click the Security pulldown menu, and then click Permissions.
6) Set the Administrators permission to Full Control, make sure no other users or groups are listed, and then click OK.
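
The same check can be scripted. The following PowerShell is an added example, not part of the original advisory: it audits the ACL on the winreg key against step 6 and, with -Apply, rewrites it as steps 4 to 6 describe. The function name Test-WinregAcl is hypothetical, and the script assumes it is run locally from an elevated session on the host being checked.

```powershell
# Added example; Test-WinregAcl is a hypothetical helper name, not a built-in cmdlet.
# Assumption: run locally from an elevated PowerShell session on the host being checked.
function Test-WinregAcl {
    param([switch]$Apply)   # -Apply rewrites the ACL as described in steps 4 to 6

    $parent  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers'
    $key     = Join-Path $parent 'winreg'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Well-known SID of BUILTIN\Administrators, independent of the OS language
    $admins  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'

    if (-not (Test-Path $key)) {
        Write-Warning 'winreg key not present, so no ACL restricts remote registry access'
        if (-not $Apply) { return $false }
        New-Item -Path $parent -Name 'winreg' | Out-Null          # step 4
    }

    # Read every ACE (explicit and inherited) as a SID; any entry that is not
    # Administrators contradicts step 6.
    $acl   = Get-Acl -Path $key
    $extra = @($acl.GetAccessRules($true, $true, $sidType) |
               Where-Object { $_.IdentityReference.Value -ne $admins.Value })
    foreach ($ace in $extra) {
        $who = $ace.IdentityReference.Value
        Write-Warning ('Unexpected entry: {0} {1} {2}' -f $who, $ace.AccessControlType, $ace.RegistryRights)
    }
    if (-not $Apply) { return ($extra.Count -eq 0) }

    # Step 6: Administrators = Full Control, nobody else listed.
    $acl.SetAccessRuleProtection($true, $false)                   # drop inherited ACEs
    foreach ($ace in $extra) { $acl.PurgeAccessRules($ace.IdentityReference) }
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $key -AclObject $acl
    return $true
}

Test-WinregAcl          # audit only; returns $true when only Administrators is listed
```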
Related URL 151,169 (ISS)