
Windows NT Registry
This indicates that the scanner is able to open the registry remotely. If the
user running the scanner should have access to the scanned host from the
network, this does not indicate a problem. If the scanner is run by a user who
should not have access, the host should be checked to determine if the guest
account is enabled, or if the
Once the registry has been opened, the access control list for
HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT are then checked for appropriate permissions.
Windows NT 3.51 and earlier shipped with HKEY_CLASSES_ROOT set as writeable to
everyone. This allows any user with access to the computer to alter the file
associations (for example, *.txt = notepad.exe), which could potentially lead to the
installation of a trojan application. If the guest account has been allowed
write access to the registry, it indicates a very serious misconfiguration or that
the computer has been breached by an intruder.
Risk: Low to high
OS Vulnerable: Windows NT
Fix: Review registry permissions. Under NT 4.0, registry access from the network
can be denied completely.