Incorrect Remote Registry Access to Microsoft Exchange 2000 Server

 

Reported February 7, 2002, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft Exchange 2000 Server

 

DESCRIPTION
A vulnerability exists in Microsoft Exchange 2000 Server that lets an attacker gain remote access to the configuration information on the server. This vulnerability stems from a flaw in the Exchange System Attendant's setting inappropriate group privileges to the “Everyone” group on the WinReg key.

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS02-003 to address this vulnerability and recommends that affected users apply the patch provided at Microsoft's Download Center.

 

CREDIT
Discovered by Eitan Caspi.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish