Registry opened through a null session

Risk Level: Medium risk vulnerability  Medium

Check or Attack Name: registry - null session
Platforms: Windows NT
Description:

The registry was accessed through a null session. Information may be obtained that compromises the security of the system.

Remedy:

Apply the latest Windows NT 4.0 Service Pack or the post-SP3 iis-fix patch.

To apply the latest service pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

Windows NT 4.0 SP3 users must install the post-SP3 iis-fix patch, available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/iis-fix/.

—AND—

Restrict anonymous connections by changing the registry. Note: This step must be performed after you apply the post-SP2 sec-fix patch or the latest Windows NT 4.0 Service Pack.

To restrict anonymous connections in Windows NT, follow these steps:

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

  1. If you have not already done so, apply Windows NT 4.0 Service Pack 3 or the post-SP2 sec-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP2/sec-fix/.
  2. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
  3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA.
  4. From the Edit menu, select Add Value to display the Add Value dialog box.
  5. In the Value Name field, type RestrictAnonymous.
  6. Select REG_DWORD as the Data Type.
  7. Click OK to display the DWORD Editor.
  8. In the Data field, type 1. (Ignore the Radix setting.)
  9. Click OK. Registry Editor adds the key to the registry.
  10. Reboot the system to apply the changes.
References:
X-Force Logo
Know Your Risks