[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Microsoft Windows NT 4.0 MTS Package Administration Registry Key Vulnerability

Title: Microsoft Windows NT 4.0 MTS Package Administration Registry Key Vulnerability
Released by: MS
Date: 6th December 2000
Printable version: Click here 
Title: Microsoft Windows NT 4.0 MTS Package Administration Registry

Key Vulnerability

BID: 2065

Published: December 06, 2000

Vulnerable: Microsoft Windows NT 4.0

Microsoft Windows NT 4.0 Server

Microsoft Windows NT 4.0 Server, Enterprise Edition

Microsoft Windows NT 4.0 Server, Terminal Server Edition



Discussion:



Microsoft Transaction Server (MTS) is the mechanism used by Microsoft Windows

NT to handle transactions or MTS packages which are series of software modules

that form a transaction.



The registry key in Windows NT 4.0 that handles the administration of

Microsoft Transaction Server (MTS) is not properly configured to deny write

access to unprivileged users. Modification rights on this particular registry

should only be reserved for administrators. However, any user that is able to

log onto a system with MTS installed is able to alter the values for the MTS

registry key and its subkeys located at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Transaction Server\Packages.



Among the information stored in the MTS registry key is the list of MTS

managers for each MTS package. A malicious users can reconfigure or add new

MTS packages to the system by adding his userid to the list of managers

of the System Package by modifying values in the MTS registry key.



While adding new MTS packages to be executed under the context of a

different account requires the account password and thus a malicious

user would have to known the password to execute a new package under

a context other than his own, the malicious user could modify an existing

MTS package to perform unauthorized actions.



The registry key could be modified remotely if the Winreg key was enabled to

allow remote access to the registry (Winreg is enabled by default).



MTS is not installed by default on Windows NT 4.0. MTS is part of

the Windows NT 4.0 Option Pack.



Solution:



Microsoft has released the following tool which corrects the registry key

value (this tool also corrects the registry values for other vulnerabilities

discussed in Microsoft Security Bulletin MS00-095). Please see Frequently

Asked Questions (Microsoft Security Bulletin MS00-095) under "Credit" for

details in regards to proper usage of the tool:



Microsoft patch Q265714i

http://download.microsoft.com/download/winntsp/Patch/Q266794/NT4/EN-US/Q265714i.EXE

Intel



Credit:



Discovered by Glenn Larsson and publicized in a Microsoft Security Bulletin

(MS00-095) on December 6, 2000



Reference:



http://www.securityfocus.com/bid/2065

http://www.microsoft.com/technet/security/bulletin/ms00-095.asp

http://www.microsoft.com/technet/security/bulletin/fq00-095.asp

--

Elias Levy

SecurityFocus.com

http://www.securityfocus.com/

Si vis pacem, para bellum






(C) 1999-2000 All rights reserved.