Reported February 7, 2002, by
Microsoft.
Microsoft
Exchange 2000 Server
DESCRIPTION
VENDOR RESPONSE
The
vendor, Microsoft, has released security
bulletin MS02-003
to address this vulnerability and recommends that affected users apply the patch
provided at Microsoft's Download Center.
CREDIT
VERSIONS
AFFECTED
A vulnerability exists in Microsoft Exchange 2000 Server that lets an
attacker gain remote access to the configuration information on the server. This
vulnerability stems from a flaw in the Exchange System Attendant's setting
inappropriate group privileges to the “Everyone” group on the WinReg key.
Discovered by Eitan
Caspi.