Microsoft WinNT ''Remote Registry Access Authentication'' Vulnerability Patch

Patches and Updates


A patch that eliminates a security vulnerability in Microsoft® Windows NT 4.0. Under certain conditions, the vulnerabilitycould be used to cause a Windows NT 4.0 machine to fail. Before a request to access the registry from a remote machine can be processed, it must first be authenticated by the Remote Registry server. If the request is malformed in a specific fashion, it could be misinterpreted by the remoteregistry server, causing it to fail. Because the Remote Registry server is contained within the winlogon.exe system process on Windows NT 4.0, a failure in that process would cause the entire system to fail. Only an authenticated user could levy such a request -- an anonymous (or null-session) connection could not cause this failure. An affected machine could be put back into service by rebooting.


Recent searches