|
Family: Windows --> Category: infos
SMB Registry : value of SFCDisable Vulnerability Scan
Vulnerability Scan Summary Acertains the value of SFCDisable
Detailed Explanation for this Vulnerability Test
Synopsis :
Local users have full rights on the remote host.
Description :
The registry key
HKLM\SOFTWARE\Microsoft\Windows NT\WinLogon\SFCDisable has its
value set to a value other than 0 or 4.
Any value other than 0 or 4 disables the Windows File Protection,
which allows any user on the remote host to view / modify any file
he wants.
This probably means that this host has been compromised.
Solution :
Set the value of this key to 0. You should reinstall this host
See also :
http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0296.html
http://support.microsoft.com/kb/q222473/
Threat Level:
High / CVSS Base Score : 7
(AV:L/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|