Computer Security

Archive : 2000 : january : msrdisk
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku





Microsoft Security Bulletin (MS00-004)




Microsoft Security Bulletin (MS00-004)








Microsoft Security Bulletin (MS00-004)

--------------------------------------



Patch Available for "RDISK Registry Enumeration File" Vulnerability

Originally Posted: January 21, 2000



Summary

=======

Microsoft has released a patch that eliminates a security vulnerability in

an administrative  utility that ships with Microsoft(r) Windows NT(r) 4.0,

Terminal Server Edition. The utility  creates a temporary file during

execution that can contain security-sensitive information, but  does not

appropriately restrict access to it. As a result, a malicious user on the

terminal  server could read the file as it was being created.



Frequently asked questions regarding this vulnerability can be found at

http://www.microsoft.com/security/bulletins/MS00-004faq.asp.



Issue

=====

The RDISK utility is used to create an Emergency Repair Disk (ERD) in order

to record machine  state information as a contingency against system

failure. During execution, RDISK creates a  temporary file containing an

enumeration of the registry. The ACLs on the file allow global read

permission, and as a result, a malicious user who knew that the

administrator was running RDISK  could open the file and read the registry

enumeration information as it was being created. RDISK  erases the file upon

successful completion, so under normal conditions there would be no lasting

vulnerability.



By default, the file is not shared and therefore could not be read by other

network users.  Although the utility is provided as part of all versions of

Windows NT 4.0, it only poses a  threat in the case of terminal servers,

because the exploit scenario requires the ability for an  administrator and

a normal user to be interactively logged onto the machine simultaneously.



Affected Software Versions

==========================

 - Microsoft Windows NT 4.0, Terminal Server Edition



Patch Availability

==================

 - http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17384



NOTE: Additional security patches are available at the Microsoft Download

Center



More Information

================

Please see the following references for more information related to this

issue.

 - Frequently Asked Questions: Microsoft Security Bulletin MS00-004,

   http://www.microsoft.com/security/bulletins/MS00-004faq.asp.

 - Microsoft Knowledge Base (KB) article Q249108,

   Registry Data Is Viewable By All Users During Rdisk Repair Update,

   http://support.microsoft.com/support/kb/articles/q249/1/08.asp.

   (Note: It may take 24 hours from the original posting of this

   bulletin for this KB article to be visible.)

 - Microsoft Knowledge Base (KB) article Q156328,

   Description of Windows NT Emergency Repair Disk,

   http://support.microsoft.com/support/kb/articles/q156/3/28.asp.

 - Microsoft Security Advisor web site,

   http://www.microsoft.com/security/default.asp.



Obtaining Support on this Issue

===============================

This is a fully supported patch. Information on contacting Microsoft

Technical Support is available at

http://support.microsoft.com/support/contact/default.asp.



Acknowledgments

===============

Microsoft thanks Arne Vidstrom (http://ntsecurity.nu) for reporting this

issue to us and working  with us to protect customers.



Revisions

=========

 - January 21, 2000: Bulletin Created.



-----------------------------------------------------------------------



THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"

WITHOUT WARRANTY OF  ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER

EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES  OF MERCHANTABILITY AND FITNESS

FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION  OR ITS

SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,

INCIDENTAL,  CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,

EVEN IF MICROSOFT CORPORATION OR ITS  SUPPLIERS HAVE BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE  EXCLUSION OR

LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE

FOREGOING  LIMITATION MAY NOT APPLY.



(c) 2000 Microsoft Corporation. All rights reserved. Terms of Use
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru