|
|
Microsoft WinNT 4.0 'RDISK Registry Enumeration File' Vulnerability patch (update)
-
Version
1
On January 21, 2000, Microsoft released the original version of this bulletin, discussing a security vulnerability in a Microsoft(r) Windows NT(r) 4.0 administrative utility. The original version of the bulletin discussed the vulnerability within the context of Windows NT 4.0 Server, Terminal Server Edition. However, we have since learned of scenarios under which the vulnerability could also affect Windows NT 4.0 servers and workstations, and have revised the bulletin accordingly. The utility creates a temporary file during execution that can contain security-sensitive information, but does not appropriately restrict access to it. Under certain conditions, it could be possible for a malicious user to read the file as it was being created.
|