Title: Microsoft Windows NT 4.0 MTS Package Administration Registry Key Vulnerability
Severity: MODERATE
Description:
Microsoft Transaction Server (MTS) is the mechanism used by Microsoft Windows NT to handle transactions or MTS packages which are series of software modules that form a transaction.
The registry key in Windows NT 4.0 that handles the administration of Microsoft Transaction Server (MTS) is not properly configured to deny write access to unprivileged users. Modification rights on this particular registry should only be reserved for administrators. However, any user that is able to log onto a system with MTS installed is able to alter the values for the MTS registry key and its subkeys located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Transaction Server\Packages. This would provide unprivileged users the ability to execute or add MTS packages which would be run under the security context of their account. The registry key could be modified remotely if the Winreg key was enabled to allow remote access to the registry (Winreg is enabled by default).
MTS is not installed by default on Windows NT 4.0.
Affected Products:
- Microsoft Windows NT 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
