NT IBM Netfinity Remote Control Software Vulnerability

NT IBM Netfinity Remote Control Software Vulnerability

Solution:
Do not run the IBM Remote Control Software application or client modules on your NT hosts.

IBM will be releasing a patch for this vulnerability. In the meantime, IBM suggests:

Set NTFS LIST permissions over the WNETFIN directory. This will prevent users from executing the Netfinity Manager Services.

Use Netfinity Security Manager to restrict access to Process Manager and Remote Session.

Configure the Netfinity Manager Services to start with a non-administrator level user account.

Audit the activities of the service-user account.

Do not install Netfinity Manager Services on client machines. Only install Client Services for Netfinity Manager on client machines.

Prevent the installation of Process Manager and Remote Session by editing the INSTALL.INI file.