• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Exchange Inappropriate Registry Permissions Vulnerability

A flaw has been reported in the Microsoft Exchange System Attendant, which could allow unprivileged users access to the WinReg key.

The WinReg key controls users and groups ability to connect remotely to the registry.

The System Attendant must ensure the that the Microsoft Exchange System Manager can remotely connect, in doing so, the System Attendant adds the 'Everyone' group to the WinReg key.