Check or Attack Name: winreg

The SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg key is not present. This key controls remote access to the registry. If the 'everyone' group is not allowed access, null session access to the registry can be prevented. This vulnerability can allow non-authenticated users to write registry keys, if this key is not present, remote access to the registry is not controlled, and Service Pack 3 is not applied.

Apply the latest Windows NT 4.0 Service Pack and modify the registry for RestrictAnonymous.

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

1. Open a web browser.
2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
3. Find the installation program you downloaded to your computer.
4. Double-click the program icon to start the installation.
5. Follow the installation directions.

—AND—

To set permission to the winreg key in the NT registry, follow these steps:

1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA.
3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
4. Restrict access from Everyone.