Tool for 'OffloadModExpo Registry Permissions' Vulnerability

  • Article
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Published: April 1, 2000

Microsoft has released a tool that installs tighter permissions on a Windows NT® 4.0 registry key. The default permissions could allow a malicious user who can interactively log onto a Windows NT 4.0 machine to compromise the cryptographic keys of other users who subsequently log onto the same machine. For more information, please refer to the Microsoft Knowledge Base article 259496 in Microsoft TechNet or the Microsoft Security Bulletin MS00-024
(https://www.microsoft.com).

Affected Software Versions:

  • Microsoft Windows NT 4.0 Workstation

  • Microsoft Windows NT 4.0 Server

  • Microsoft Windows NT 4.0 Server, Enterprise Edition

  • Microsoft Windows NT 4.0 Server, Terminal Server Edition

Supported tool that corrects this problem is now available from Microsoft, but has not been fully regression tested and should be applied only to systems determined to be at risk. Please evaluate your system's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your system. If your system is sufficiently at risk,

Microsoft recommends you apply the tool. Otherwise, wait for the next Windows NT 4.0 service pack that contain this tool.

Click here to copy 259496i.exe (Intel based) to your computer

Click here to copy 259496a.exe (Alpha based) to your computer

THE INFORMATION AND TOOL(S) ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.