Windows NT trojan key permissions

Risk Level: Medium

Check or Attack Name: Trojan Key Permissions

Platforms: Windows NT

Description:

A registry key that may allow a user to trojan other users who log in has been found with improper permissions. The vulnerable keys under HKEY_LOCAL_MACHINE are:

  • Software\Microsoft\Windows\CurrentVersion\App Paths
  • Software\Microsoft\Windows\CurrentVersion\Controls Folder
  • Software\Microsoft\Windows\CurrentVersion\DeleteFiles
  • Software\Microsoft\Windows\CurrentVersion\Explorer
  • Software\Microsoft\Windows\CurrentVersion\Extensions
  • Software\Microsoft\Windows\CurrentVersion\ExtShellViews
  • Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • Software\Microsoft\Windows\CurrentVersion\ModuleUsage
  • Software\Microsoft\Windows\CurrentVersion\RenameFiles
  • Software\Microsoft\Windows\CurrentVersion\Setup
  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs
  • Software\Microsoft\Windows\CurrentVersion\Shell Extensions
  • Software\Microsoft\Windows\CurrentVersion\Uninstall
  • Software\Microsoft\Windows NT\CurrentVersion\Compatibility
  • Software\Microsoft\Windows NT\CurrentVersion\Drivers
  • Software\Microsoft\Windows NT\CurrentVersion\drivers.desc
  • Software\Microsoft\Windows NT\CurrentVersion\Drivers32\0
  • Software\Microsoft\Windows NT\CurrentVersion\Embedding
  • Software\Microsoft\Windows NT\CurrentVersion\MCI
  • Software\Microsoft\Windows NT\CurrentVersion\MCI Extensions
  • Software\Microsoft\Windows NT\CurrentVersion\Ports
  • Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • Software\Microsoft\Windows NT\CurrentVersion\WOW

Remedy:

Use Registry Editor to set permissions on each of these keys to Administrators: Full Access, System: Full Access, and Everyone: Read Access.

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Note: Restricting security on these keys may impair a user's ability to install software.
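
One way to check the listed keys against the permissions given under Remedy. This is an added example, not part of the original advisory; it assumes PowerShell 3.0 or later on the audited system and identifies Administrators and SYSTEM by their well-known SIDs (S-1-5-32-544 and S-1-5-18). It only reads ACLs and changes nothing.

```powershell
# Added example: read-only audit of the keys listed in this advisory.
$keys = @(
  'Software\Microsoft\Windows\CurrentVersion\App Paths'
  'Software\Microsoft\Windows\CurrentVersion\Controls Folder'
  'Software\Microsoft\Windows\CurrentVersion\DeleteFiles'
  'Software\Microsoft\Windows\CurrentVersion\Explorer'
  'Software\Microsoft\Windows\CurrentVersion\Extensions'
  'Software\Microsoft\Windows\CurrentVersion\ExtShellViews'
  'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
  'Software\Microsoft\Windows\CurrentVersion\ModuleUsage'
  'Software\Microsoft\Windows\CurrentVersion\RenameFiles'
  'Software\Microsoft\Windows\CurrentVersion\Setup'
  'Software\Microsoft\Windows\CurrentVersion\SharedDLLs'
  'Software\Microsoft\Windows\CurrentVersion\Shell Extensions'
  'Software\Microsoft\Windows\CurrentVersion\Uninstall'
  'Software\Microsoft\Windows NT\CurrentVersion\Compatibility'
  'Software\Microsoft\Windows NT\CurrentVersion\Drivers'
  'Software\Microsoft\Windows NT\CurrentVersion\drivers.desc'
  'Software\Microsoft\Windows NT\CurrentVersion\Drivers32\0'
  'Software\Microsoft\Windows NT\CurrentVersion\Embedding'
  'Software\Microsoft\Windows NT\CurrentVersion\MCI'
  'Software\Microsoft\Windows NT\CurrentVersion\MCI Extensions'
  'Software\Microsoft\Windows NT\CurrentVersion\Ports'
  'Software\Microsoft\Windows NT\CurrentVersion\ProfileList'
  'Software\Microsoft\Windows NT\CurrentVersion\WOW'
)
# SIDs the remedy allows full access: Administrators and SYSTEM.
$trusted = 'S-1-5-32-544', 'S-1-5-18'
# Rights that change a key, its values or its ACL, plus GENERIC_WRITE and
# GENERIC_ALL, which can appear unmapped on inherit-only ACEs.
$rr = [System.Security.AccessControl.RegistryRights]
$mask = [int]($rr::SetValue -bor $rr::CreateSubKey -bor $rr::Delete -bor
              $rr::ChangePermissions -bor $rr::TakeOwnership) -bor 0x40000000 -bor 0x10000000
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($k in $keys) {
    $path = "HKLM:\$k"
    if (-not (Test-Path -LiteralPath $path)) { continue }  # key not present here
    foreach ($ace in (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $trusted -notcontains $sid -and
            ([int]$ace.RegistryRights -band $mask) -ne 0) {
            [pscustomobject]@{ Key = $k; Sid = $sid; Rights = $ace.RegistryRights }
        }
    }
}
```

Each row returned is an allow entry that grants write-capable access to a principal other than Administrators or SYSTEM; no output means the listed keys that exist already match the Remedy.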
