The default security on:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
allows ordinary users to write to these keys, which lets them gain full access to your server.
Use Regedt32 to change the Security / Permissions on these keys and their subkeys to Read for Everyone.
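
To check for the condition described above, here is an added example (not part of the original tip): a PowerShell audit that lists every access entry on the three keys and their subkeys granting a write-class right to a broad group. The set of SIDs treated as "ordinary users", the choice of rights in the mask, and the function name Get-WritableAce are assumptions of this example.

```powershell
# Keys named in the tip above.
$keys = 'Run', 'RunOnce', 'Uninstall' | ForEach-Object {
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$_"
}

# Assumption: these well-known SIDs stand in for "ordinary users".
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal add or change values and subkeys, or re-ACL the key.
$writeMask   = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-WritableAce {
    param([Parameter(Mandatory)][string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The tip covers the keys and their subkeys, so walk the whole subtree.
        $targets = @($root) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { $_.PSPath })
        foreach ($key in $targets) {
            $acl = Get-Acl -LiteralPath $key -ErrorAction SilentlyContinue
            if (-not $acl) { continue }   # ACL not readable: skip this key
            foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
                $sid = $ace.IdentityReference.Value
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if (-not $lowPriv.ContainsKey($sid)) { continue }
                # Inherit-only entries do not apply to this key itself.
                if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
                $granted = [int]$ace.RegistryRights -band $writeMask
                if ($granted -ne 0) {
                    [pscustomobject]@{
                        Key       = $key -replace '^.*::', ''
                        Principal = $lowPriv[$sid]
                        Rights    = [System.Security.AccessControl.RegistryRights]$granted
                    }
                }
            }
        }
    }
}

Get-WritableAce -Path $keys | Sort-Object Key, Principal | Format-Table -AutoSize
```

No output means none of the listed groups holds a write-class right on any key whose ACL could be read; keys whose ACL cannot be read are skipped, so run it from an elevated prompt.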