Home page logo
/

bugtraq logo Bugtraq mailing list archives

[NTSEC] Re: @LERT - NT security flaw announcement
From: aleph1 () DFW NET (Aleph One)
Date: Sat, 19 Apr 1997 22:52:38 -0500


There is an easier way to stop the registry part of the problem that I've
overlooked until just now (doh!).

Go into HKEY_LOCAL_MACHINE/CurrentControlSet/Control/SecurePipeServers

Create a key called winreg

Set the security on it however you like, but do NOT give "everyone" any access.
(also do not give "everyone" NO access, since YOU are also a member of
everyone - just don't have an entry in the ACL for everyone).

Reboot.

Poof - part of the problem is now solved.

I still recommend using the everyone2user tool anyway - tends to keep down
mischief.

If/when I figure out how to fix more of it, I'll let everyone know.

BTW, the 4.3 version of the ISS Internet Scanner _will_ have a check for the
presence of this key and whether everyone has any access.  I'll have it
coded in the next 10 minutes... <g>

-----------------------------------------------------------
David LeBlanc                   | Voice: (770)395-0150 x138
Internet Security Systems, Inc. | Fax:   (404)395-1972
41 Perimeter Center East        | E-Mail:  dleblanc () iss net
Suite 660                       | www: http://www.iss.net/
Atlanta, GA 30328               |



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault