Windows : SMB Registry : permissions of the RAS key

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.10567

Category: Windows

Title: SMB Registry : permissions of the RAS key

Summary: NOSUMMARY

Description: Description:

This script checks whether the following key can
be modified by non admins :

HKLM\Software\Microsoft\Windows\RAS

Write access to this key allows an unprivileged user
to gain additional privileges.

See Microsoft Security Bulletin MS00-095

Solution : use regedt32 and set the permissions of this
key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

Risk factor : High

Cross-Ref: BugTraq ID: 2064
Common Vulnerability Exposure (CVE) ID: CVE-2001-0045
http://www.securityfocus.com/bid/2064
Microsoft Security Bulletin: MS00-095
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A500
XForce ISS Database: nt-ras-reg-perms(5671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5671

Copyright This script is Copyright (C) 2000 Renaud Deraison

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.10567
Category:	Windows
Title:	SMB Registry : permissions of the RAS key
Summary:	NOSUMMARY
Description:	Description: This script checks whether the following key can be modified by non admins : HKLM\Software\Microsoft\Windows\RAS Write access to this key allows an unprivileged user to gain additional privileges. See Microsoft Security Bulletin MS00-095 Solution : use regedt32 and set the permissions of this key to : - admin group : Full Control - system : Full Control - everyone : Read Risk factor : High
Cross-Ref:	BugTraq ID: 2064 Common Vulnerability Exposure (CVE) ID: CVE-2001-0045 http://www.securityfocus.com/bid/2064 Microsoft Security Bulletin: MS00-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A500 XForce ISS Database: nt-ras-reg-perms(5671) https://exchange.xforce.ibmcloud.com/vulnerabilities/5671
Copyright	This script is Copyright (C) 2000 Renaud Deraison