Easy Skippy. Why not just click on the nice link in the bulletin? There is usually a bunch of extra info that explains everything in more detail.
-----Original Message----- From: John Q Jr. [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 07, 2002 6:26 PM To: Exchange Discussions Subject: Re: Microsoft Security Bulletin MS02-003 ? Who can access the registry from where? Do you have to be an auth user? Can you do it from the Internet? What could an "attacker" really do? ----- Original Message ----- From: "Byron Kennedy" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, February 07, 2002 3:24 PM Subject: RE: Microsoft Security Bulletin MS02-003 > what part is unclear? > > -----Original Message----- > From: John Q Jr. [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 07, 2002 2:15 PM > To: Exchange Discussions > Subject: Re: Microsoft Security Bulletin MS02-003 > > > What does this mean? > > - John Q > > ----- Original Message ----- > From: "Martin Blackstone" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Thursday, February 07, 2002 2:03 PM > Subject: FW: Microsoft Security Bulletin MS02-003 > > > > > > > > -----Original Message----- > > From: Microsoft > > > [mailto:[EMAIL PROTECTED] > > t.com] > > Sent: Thursday, February 07, 2002 1:02 PM > > To: Martin Blackstone > > Subject: Microsoft Security Bulletin MS02-003 > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > - ---------------------------------------------------------------------- > > Title: Exchange 2000 System Attendant Incorrectly Sets Remote > > Registry Permissions > > Date: February 07, 2002 > > Software: Exchange Server 2000 > > Impact: Less Secure Default Settings > > Max Risk: Low > > Bulletin: MS02-003 > > > > Microsoft encourages customers to review the Security Bulletin at: > > http://www.microsoft.com/technet/security/bulletin/MS02-003.asp. > > - ---------------------------------------------------------------------- > > > > Issue: > > ====== > > The Microsoft Exchange System Attendant is one of the core services in > > Microsoft Exchange. It performs a variety of functions related to the > > on-going maintenance of the Exchange system. To allow remote > administration > > of an Exchange Server using the Exchange System Manager Microsoft > Management > > Console (MMC) snap in, the System Attendant makes changes to the > permissions > > on the Windows Registry to allow Exchange Administrators to remotely > update > > configuration settings stored in the Registry. > > > > There is a flaw in how the System Attendant makes these Registry > > configuration changes. This flaw could allow an unprivileged user to > > remotely access configuration information on the server. Specifically, > this > > flaw inappropriately gives the "Everyone" group privileges to the WinReg > > key. This key controls the ability of users and groups to remotely connect > > to the Registry. By default, only Administrators are given the ability to > > remotely connect to the Registry, by granting permissions on this key. > > > > The flaw does not grant any abilities beyond the ability to connect > > remotely. However, an attacker's ability to make changes to the Registry > > once they have successfully connected would be dictated by the permissions > > on the specific keys within the Registry itself. Thus, while this > > vulnerability does not itself give an attacker the ability to change > > Registry settings, it could be used in conjunction with inappropriately > > permissive registry settings to gain access to, and make changes to a > > systems Registry. > > > > > > Mitigating Factors: > > ==================== > > - The vulnerability only grants the ability to connect to the > > Registry remotely. It does not weaken any other permissions in > > the Registry. > > > > - An attacker's ability to connect to the Registry remotely > > requires the ability to send SMB traffic to and from the target > > system. Firewalling best practices recommends closing the ports > > that NetBIOS and Direct Host uses (tcp ports 139 and 445) > > > > Risk Rating: > > ============ > > - Internet systems: Low > > - Intranet systems: Low > > - Client systems: None > > > > Patch Availability: > > =================== > > - A patch is available to fix this vulnerability. Please read the > > Security Bulletin at > > http://www.microsoft.com/technet/security/bulletin/ms02-003.asp > > for information on obtaining this patch. > > > > Acknowledgment: > > =============== > > - Eitan Caspi ([EMAIL PROTECTED]) > > > > - --------------------------------------------------------------------- > > > > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS > > PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL > > WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE > > WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO > > EVENT > > SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES > > WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF > > BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS > > SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME > STATES > > DO > > NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR > > INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP 7.1 > > > > iQEVAwUBPGLS4o0ZSRQxA/UrAQEucgf9GK43pXelmRAUZczcPg0Bn0MznMmui94L > > 8R2GDK+DsT4nd5Dqv2nNF/k1mVVpKwKFabvyzKnqX7Qx3qSI9GP/YObi+VaS8Xmb > > EndrGUfGMZ74iQTZt9LZb6aAxEwAFDrE76mo+QpK5p6zjO8HI7CRcYiJsukFLywa > > Rdik8WntpLQonaRHg3XQPOLhAh+DRolELNcFrOUce+JYYGeDJR3vJRceNYxaIvSd > > pWOETnZ1wMvVLb293pC2qiY8adZbyZ0NYvWnv/d85Z7IK5VinUiUJPw3Ah/MNmWY > > 7qcXP/2Zp7nB9/1lXQ0NHVByh7+93UgxPaFYdUe6myAN31nRh+ncRQ== > > =N/sw > > -----END PGP SIGNATURE----- > > > > > > > > ******************************************************************* > > > > You have received this e-mail bulletin as a result of your subscription to > > the Microsoft Product Security Notification Service. For more > information > > on this service, please visit > > http://www.microsoft.com/technet/security/notify.asp. > > > > To verify the digital signature on this bulletin, please download our PGP > > key at http://www.microsoft.com/technet/security/notify.asp. > > > > To cancel your subscription, click on the following link > > > mailto:[EMAIL PROTECTED] > > .com?subject=UNSUBSCRIBE to create an unsubscribe e-mail. > > > > To stop all e-mail newsletters from microsoft.com, click on the following > > link > > > mailto:[EMAIL PROTECTED] > > .com?subject=STOPMAIL to create an unsubscribe e-mail. You can manage all > > your Microsoft.com communication preferences from > > http://www.microsoft.com/misc/unsubscribe.htm > > > > For security-related information about Microsoft products, please visit > the > > Microsoft Security Advisor web site at http://www.microsoft.com/security. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ------------------------------------------------------------------------------ The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. ============================================================================== _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
