• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NT Index Server Remote Registry Vulnerability

During installation of Microsoft Index Server 2.0 a new registry entry is created and added to the list of network-available subkeys. This list is found at: HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths

The added subkey is HKLM\System\CurrentControlset\Control\ContentIndex\Catalogs. What this does is allow an intruder to gather information about the physical structure of paths and sirectories being indexed, and in the case of remote indexing also the machine name and the account used.