header-logo
Suggest Exploit
vendor:
Windows NT
by:
Unknown
N/A
CVSS
N/A
Registry Key Vulnerabilities
Unknown
CWE
Product Name: Windows NT
Affected Version From: 2.1.2.4202.3 (GA)
Affected Version To: Unknown
Patch Exists: YES
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

(MDAC) 2.1.2.4202.3 (GA),Microsoft Windows NT 4.0/alpha/SP1/SP1 alpha/SP2/SP2 alpha/SP3/SP3 alpha/SP4/SP4 alpha/SP5/SP5 alpha/SP6/SP6 alpha JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities

Microsoft has made available fixes for the JET/ODBC and RDS vulnerabilities. These fixes implement specific Registry Key values to restrict 'malicious activity'. The Security Permissions over these Registry Keys are Set to 'Everyone:Special Access'. Special Access, in these instances, includes 'Set Value'. This permission allows members of the Everyone Group (Domain Users, Users, Guests, etc.) to modify the value of these keys, including the ability to disable the security features which may have been enabled by the administrator. Disabling the Data FactoryHandlerInfo setting ('handlerRequired DWORD=0') may open the host to exploit via the MDAC RDS exploit as described in Bugtraq ID 529 (https://www.securityfocus.com/bid/529.html).

Mitigation:

Modify the HKEY_Local_Machine\Software\Microsoft\DataFactory\HandlerInfo Registry Key value 'handlerRequired' to DWORD=0
Source

Exploit-DB raw data:

(MDAC) 2.1.2.4202.3 (GA),Microsoft Windows NT 4.0/alpha/SP1/SP1 alpha/SP2/SP2 alpha/SP3/SP3 alpha/SP4/SP4 alpha/SP5/SP5 alpha/SP6/SP6 alpha JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities

source: https://www.securityfocus.com/bid/654/info

Microsoft has made available fixes for the JET/ODBC and RDS vulnerabilities. These fixes implement specific Registry Key values to restrict "malicious activity". The Registry Keys include:

for JET/ODBC:
HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\3.5\Engines\SandboxMode

for RDS:
HKEY_LOCAL_MACHINE\Software\Microsoft\DataFactory\HandlerInfo
Value: handlerRequired
DWORD=1

The Security Permissions over these Registry Keys are Set to "Everyone:Special Access". Special Access, in these instances, includes 'Set Value'. This permission allows members of the Everyone Group (Domain Users, Users, Guests, etc.) to modify the value of these keys, including the ability to disable the security features which may have been enabled by the administrator. Disabling the Data Factory\HandlerInfo setting ("handlerRequired DWORD=0") may open the host to exploit via the MDAC RDS exploit as described in Bugtraq ID 529 <https://www.securityfocus.com/bid/529.html>. 

Modify the HKEY_Local_Machine\Software\Microsoft\DataFactory\HandlerInfo Registry Key value "handlerRequired" to DWORD=0