Windows : SMB Registry : permissions of the Microsoft Transaction Server key

Vulnerability Search		Search 219043 CVE descriptions and 99761 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.11867

Category: Windows

Title: SMB Registry : permissions of the Microsoft Transaction Server key

Summary: NOSUMMARY

Description: Description:

The registry key HKLM\SOFTWARE\Microsoft\Transaction Server\Packages
can be modified by users not in the admin group.

Write access to this key allows an unprivileged user to gain additional
privileges.

See Microsoft Security Bulletin MS00-095

Solution : use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

Risk factor : High

Cross-Ref: BugTraq ID: 2065
Common Vulnerability Exposure (CVE) ID: CVE-2001-0047
http://www.securityfocus.com/bid/2065
Microsoft Security Bulletin: MS00-095
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A140
XForce ISS Database: nt-mts-reg-perms(5673)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5673

Copyright This script is Copyright (C) 2003 Tenable Network Security

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.11867
Category:	Windows
Title:	SMB Registry : permissions of the Microsoft Transaction Server key
Summary:	NOSUMMARY
Description:	Description: The registry key HKLM\SOFTWARE\Microsoft\Transaction Server\Packages can be modified by users not in the admin group. Write access to this key allows an unprivileged user to gain additional privileges. See Microsoft Security Bulletin MS00-095 Solution : use regedt32 and set the permissions of this key to : - admin group : Full Control - system : Full Control - everyone : Read Risk factor : High
Cross-Ref:	BugTraq ID: 2065 Common Vulnerability Exposure (CVE) ID: CVE-2001-0047 http://www.securityfocus.com/bid/2065 Microsoft Security Bulletin: MS00-095 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A140 XForce ISS Database: nt-mts-reg-perms(5673) https://exchange.xforce.ibmcloud.com/vulnerabilities/5673
Copyright	This script is Copyright (C) 2003 Tenable Network Security