Windows NT registry opened remotely

Risk Level: Low

Check or Attack Name: registry

Platforms: Windows NT

Description:

The Windows NT registry may be opened by a remote user. This may indicate that permissions are not set properly, or that possibly the Guest account is enabled with network access rights. An attacker could alter file associations, permitting the introduction of a Trojan horse, or otherwise seriously compromise the machine.

If the host running the scan is a trusted host, this may not indicate a vulnerability. Under Windows NT 4.0, registry access from the network can be denied completely.

Remedy:

Restrict registry access or reset permissions (or both).

To restrict registry access, follow these steps:

  1. Open Registry Editor. From the Windows NT Start Menu, select Run, type regedt32 and click OK.
  2. Go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg key.
  3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
  4. Restrict access to all or set permissions to allow access to approved Administrators only.
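
One way to verify the outcome of these steps from a script, as an added example that is not part of the original advisory. It assumes a Windows version with PowerShell (not NT 4.0 itself); the function name Test-WinregAcl and the approved list (built-in Administrators and SYSTEM) are assumptions to adjust for your site.

```powershell
# Added example: list Allow entries on the winreg key that fall outside an approved set.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
# Assumption: only these principals should hold rights on the key.
$Approved = @('S-1-5-32-544',   # BUILTIN\Administrators
              'S-1-5-18')       # NT AUTHORITY\SYSTEM

function Test-WinregAcl {
    param(
        [string]   $Path         = $KeyPath,
        [string[]] $ApprovedSids = $Approved
    )

    # If the key does not exist, the restriction from step 2 has never been set.
    if (-not (Test-Path -LiteralPath $Path)) {
        [pscustomobject]@{ Sid = $null; Account = $null; Rights = $null
                           Finding = 'winreg key is missing' }
        return
    }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path

    # Explicit and inherited rules, with identities returned as SIDs so the
    # comparison does not depend on localized account names.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($ApprovedSids -contains $sid) { continue }

        # Resolve the SID to a name for the report; keep the SID if that fails.
        try   { $name = $rule.IdentityReference.Translate(
                            [System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{ Sid = $sid; Account = $name
                           Rights  = $rule.RegistryRights
                           Finding = 'principal outside approved list' }
    }
}

# No output means every Allow entry belongs to an approved principal.
Test-WinregAcl | Format-Table -AutoSize
```

Each row returned is an entry to review in the Registry Key Permissions dialog from step 3.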