Vulnerability Note VU#978131
Microsoft Exchange 2000 system attendant sets incorrect remote registry permissions
The Microsoft Exchange System Attendant sets the permissions on a registry key incorrectly, allowing remote intruders access to the registry.
The Microsoft Exchange System Attendant changes the permissions of the key:
A remote intruder may be able to query or set registry key values remotely. The ACLs on the registry keys are still enforced correctly, but the ability for users to access the registry remotely may be undesired. If registry keys have weak permissions, data may be accidentally read or written.
Apply a Patch
Block Access to the Registry by Restricting SMB Network Access
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||07 Feb 2002||27 Sep 2002|
CVSS Metrics (Learn More)
The CERT/CC was made aware of this vulnerability by Microsoft Security Bulletin MS02-003.
This document was written by Cory F. Cohen.
- CVE IDs: CAN-2002-0049
- Date Public: 07 Feb 2002
- Date First Published: 27 Sep 2002
- Date Last Updated: 26 Mar 2003
- Severity Metric: 4.62
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.