Registry Data Is Viewable By All Users During Rdisk Repair Update

ID: Q249108

The information in this article applies to:

Microsoft Windows NT Workstation version 4.0
Microsoft Windows NT Server version 4.0
Microsoft Windows NT Server, Enterprise Edition version 4.0
Microsoft Windows NT Server version 4.0, Terminal Server Edition

SYMPTOMS

When you use the Rdisk tool to update the repair information on a computer that is running Windows NT 4.0, a temporary file is created that enumerates all of the registry hives and their current settings. The permissions on this file do not prevent anyone from reading or changing the temporary file's contents while Rdisk is running.

When the Rdisk tool completes the update procedure, the temporary file is deleted. However, if the Rdisk tool is interrupted or ends abnormally (requiring a restart), the file masy still be accessed after the computer is rebooted. The file can also be read while the Rdisk tool is running.

RESOLUTION

Windows NT 4.0 and Windows NT 4.0, Enterprise Edition

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or later:


   Date         Time     Size      File name   Platform
   ----------------------------------------------------
   01/02/2000   03:35p    68,368   Rdisk.exe   x86
   01/02/2000   03:34p   137,488   Rdisk.exe   Alpha

Windows NT 4.0, Terminal Server Edition

The following file is available for download from the Microsoft Download Center. Click the file name below to download the file:

x86: Q249108i.exe

For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address

http://www.microsoft.com/downloads/search.asp

and then click How to use the Microsoft Download Center.

The English-language version of this fix should have the following file attributes or later:


   Date       Time     Size     File name   Platform
   ----------------------------------------------------
   12/29/99   03:10p   68,368   Rdisk.exe   x86

STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.

MORE INFORMATION

For related information on this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms00-004.asp

For additional security-related information about Microsoft products, pleasevisit the following Microsoft Web site:

http://www.microsoft.com/security/

Additional query words:

Keywords : kbtool ntsecurity ntsp kbbug4.00 kbfix4.00
Version : winnt:4.0
Platform : winnt
Issue type : kbbug