<ROFL>!! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dillon, Jeff Sent: Thursday, February 07, 2002 4:49 PM To: ExchangeList@swynk Subject: RE: Microsoft Security Bulletin MS02-003
It means there is one more issue, or one less, depending upon your point of view. -----Original Message----- From: John Q Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 07, 2002 5:15 PM To: Exchange Discussions Subject: Re: Microsoft Security Bulletin MS02-003 What does this mean? - John Q ----- Original Message ----- From: "Martin Blackstone" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, February 07, 2002 2:03 PM Subject: FW: Microsoft Security Bulletin MS02-003 > > > -----Original Message----- > From: Microsoft > [mailto:[EMAIL PROTECTED] osof > t.com] > Sent: Thursday, February 07, 2002 1:02 PM > To: Martin Blackstone > Subject: Microsoft Security Bulletin MS02-003 > > > -----BEGIN PGP SIGNED MESSAGE----- > > - ---------------------------------------------------------------------- > Title: Exchange 2000 System Attendant Incorrectly Sets Remote > Registry Permissions > Date: February 07, 2002 > Software: Exchange Server 2000 > Impact: Less Secure Default Settings > Max Risk: Low > Bulletin: MS02-003 > > Microsoft encourages customers to review the Security Bulletin at: > http://www.microsoft.com/technet/security/bulletin/MS02-003.asp. > - ---------------------------------------------------------------------- > > Issue: > ====== > The Microsoft Exchange System Attendant is one of the core services in > Microsoft Exchange. It performs a variety of functions related to the > on-going maintenance of the Exchange system. To allow remote administration > of an Exchange Server using the Exchange System Manager Microsoft Management > Console (MMC) snap in, the System Attendant makes changes to the permissions > on the Windows Registry to allow Exchange Administrators to remotely update > configuration settings stored in the Registry. > > There is a flaw in how the System Attendant makes these Registry > configuration changes. This flaw could allow an unprivileged user to > remotely access configuration information on the server. Specifically, this > flaw inappropriately gives the "Everyone" group privileges to the WinReg > key. This key controls the ability of users and groups to remotely connect > to the Registry. By default, only Administrators are given the ability to > remotely connect to the Registry, by granting permissions on this key. > > The flaw does not grant any abilities beyond the ability to connect > remotely. However, an attacker's ability to make changes to the Registry > once they have successfully connected would be dictated by the permissions > on the specific keys within the Registry itself. Thus, while this > vulnerability does not itself give an attacker the ability to change > Registry settings, it could be used in conjunction with inappropriately > permissive registry settings to gain access to, and make changes to a > systems Registry. > > > Mitigating Factors: > ==================== > - The vulnerability only grants the ability to connect to the > Registry remotely. It does not weaken any other permissions in > the Registry. > > - An attacker's ability to connect to the Registry remotely > requires the ability to send SMB traffic to and from the target > system. Firewalling best practices recommends closing the ports > that NetBIOS and Direct Host uses (tcp ports 139 and 445) > > Risk Rating: > ============ > - Internet systems: Low > - Intranet systems: Low > - Client systems: None > > Patch Availability: > =================== > - A patch is available to fix this vulnerability. Please read the > Security Bulletin at > http://www.microsoft.com/technet/security/bulletin/ms02-003.asp > for information on obtaining this patch. > > Acknowledgment: > =============== > - Eitan Caspi ([EMAIL PROTECTED]) > > - --------------------------------------------------------------------- > > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS > PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL > WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE > WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO > EVENT > SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES > WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF > BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS > SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES > DO > NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR > INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. > > -----BEGIN PGP SIGNATURE----- > Version: PGP 7.1 > > iQEVAwUBPGLS4o0ZSRQxA/UrAQEucgf9GK43pXelmRAUZczcPg0Bn0MznMmui94L > 8R2GDK+DsT4nd5Dqv2nNF/k1mVVpKwKFabvyzKnqX7Qx3qSI9GP/YObi+VaS8Xmb > EndrGUfGMZ74iQTZt9LZb6aAxEwAFDrE76mo+QpK5p6zjO8HI7CRcYiJsukFLywa > Rdik8WntpLQonaRHg3XQPOLhAh+DRolELNcFrOUce+JYYGeDJR3vJRceNYxaIvSd > pWOETnZ1wMvVLb293pC2qiY8adZbyZ0NYvWnv/d85Z7IK5VinUiUJPw3Ah/MNmWY > 7qcXP/2Zp7nB9/1lXQ0NHVByh7+93UgxPaFYdUe6myAN31nRh+ncRQ== > =N/sw > -----END PGP SIGNATURE----- > > > > ******************************************************************* > > You have received this e-mail bulletin as a result of your subscription to > the Microsoft Product Security Notification Service. For more information > on this service, please visit > http://www.microsoft.com/technet/security/notify.asp. > > To verify the digital signature on this bulletin, please download our PGP > key at http://www.microsoft.com/technet/security/notify.asp. > > To cancel your subscription, click on the following link > mailto:[EMAIL PROTECTED] soft > .com?subject=UNSUBSCRIBE to create an unsubscribe e-mail. > > To stop all e-mail newsletters from microsoft.com, click on the following > link > mailto:[EMAIL PROTECTED] soft > .com?subject=STOPMAIL to create an unsubscribe e-mail. You can manage all > your Microsoft.com communication preferences from > http://www.microsoft.com/misc/unsubscribe.htm > > For security-related information about Microsoft products, please visit the > Microsoft Security Advisor web site at http://www.microsoft.com/security. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]