What part do you not understand? ----- Original Message ----- From: "John Q Jr." <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, February 07, 2002 4:15 PM Subject: Re: Microsoft Security Bulletin MS02-003
> What does this mean? > > - John Q > > ----- Original Message ----- > From: "Martin Blackstone" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Thursday, February 07, 2002 2:03 PM > Subject: FW: Microsoft Security Bulletin MS02-003 > > > > > > > > -----Original Message----- > > From: Microsoft > > > [mailto:[EMAIL PROTECTED] > > t.com] > > Sent: Thursday, February 07, 2002 1:02 PM > > To: Martin Blackstone > > Subject: Microsoft Security Bulletin MS02-003 > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > - ---------------------------------------------------------------------- > > Title: Exchange 2000 System Attendant Incorrectly Sets Remote > > Registry Permissions > > Date: February 07, 2002 > > Software: Exchange Server 2000 > > Impact: Less Secure Default Settings > > Max Risk: Low > > Bulletin: MS02-003 > > > > Microsoft encourages customers to review the Security Bulletin at: > > http://www.microsoft.com/technet/security/bulletin/MS02-003.asp. > > - ---------------------------------------------------------------------- > > > > Issue: > > ====== > > The Microsoft Exchange System Attendant is one of the core services in > > Microsoft Exchange. It performs a variety of functions related to the > > on-going maintenance of the Exchange system. To allow remote > administration > > of an Exchange Server using the Exchange System Manager Microsoft > Management > > Console (MMC) snap in, the System Attendant makes changes to the > permissions > > on the Windows Registry to allow Exchange Administrators to remotely > update > > configuration settings stored in the Registry. > > > > There is a flaw in how the System Attendant makes these Registry > > configuration changes. This flaw could allow an unprivileged user to > > remotely access configuration information on the server. Specifically, > this > > flaw inappropriately gives the "Everyone" group privileges to the WinReg > > key. This key controls the ability of users and groups to remotely connect > > to the Registry. By default, only Administrators are given the ability to > > remotely connect to the Registry, by granting permissions on this key. > > > > The flaw does not grant any abilities beyond the ability to connect > > remotely. However, an attacker's ability to make changes to the Registry > > once they have successfully connected would be dictated by the permissions > > on the specific keys within the Registry itself. Thus, while this > > vulnerability does not itself give an attacker the ability to change > > Registry settings, it could be used in conjunction with inappropriately > > permissive registry settings to gain access to, and make changes to a > > systems Registry. > > > > > > Mitigating Factors: > > ==================== > > - The vulnerability only grants the ability to connect to the > > Registry remotely. It does not weaken any other permissions in > > the Registry. > > > > - An attacker's ability to connect to the Registry remotely > > requires the ability to send SMB traffic to and from the target > > system. Firewalling best practices recommends closing the ports > > that NetBIOS and Direct Host uses (tcp ports 139 and 445) > > > > Risk Rating: > > ============ > > - Internet systems: Low > > - Intranet systems: Low > > - Client systems: None > > > > Patch Availability: > > =================== > > - A patch is available to fix this vulnerability. Please read the > > Security Bulletin at > > http://www.microsoft.com/technet/security/bulletin/ms02-003.asp > > for information on obtaining this patch. > > > > Acknowledgment: > > =============== > > - Eitan Caspi ([EMAIL PROTECTED]) > > > > - --------------------------------------------------------------------- > > > > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS > > PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL > > WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE > > WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO > > EVENT > > SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES > > WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF > > BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS > > SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME > STATES > > DO > > NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR > > INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP 7.1 > > > > iQEVAwUBPGLS4o0ZSRQxA/UrAQEucgf9GK43pXelmRAUZczcPg0Bn0MznMmui94L > > 8R2GDK+DsT4nd5Dqv2nNF/k1mVVpKwKFabvyzKnqX7Qx3qSI9GP/YObi+VaS8Xmb > > EndrGUfGMZ74iQTZt9LZb6aAxEwAFDrE76mo+QpK5p6zjO8HI7CRcYiJsukFLywa > > Rdik8WntpLQonaRHg3XQPOLhAh+DRolELNcFrOUce+JYYGeDJR3vJRceNYxaIvSd > > pWOETnZ1wMvVLb293pC2qiY8adZbyZ0NYvWnv/d85Z7IK5VinUiUJPw3Ah/MNmWY > > 7qcXP/2Zp7nB9/1lXQ0NHVByh7+93UgxPaFYdUe6myAN31nRh+ncRQ== > > =N/sw > > -----END PGP SIGNATURE----- > > > > > > > > ******************************************************************* > > > > You have received this e-mail bulletin as a result of your subscription to > > the Microsoft Product Security Notification Service. For more > information > > on this service, please visit > > http://www.microsoft.com/technet/security/notify.asp. > > > > To verify the digital signature on this bulletin, please download our PGP > > key at http://www.microsoft.com/technet/security/notify.asp. > > > > To cancel your subscription, click on the following link > > > mailto:[EMAIL PROTECTED] > > .com?subject=UNSUBSCRIBE to create an unsubscribe e-mail. > > > > To stop all e-mail newsletters from microsoft.com, click on the following > > link > > > mailto:[EMAIL PROTECTED] > > .com?subject=STOPMAIL to create an unsubscribe e-mail. You can manage all > > your Microsoft.com communication preferences from > > http://www.microsoft.com/misc/unsubscribe.htm > > > > For security-related information about Microsoft products, please visit > the > > Microsoft Security Advisor web site at http://www.microsoft.com/security. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]