Re: Elevated guest account
From: Frank Heyne (fh@RCS.URZ.TU-DRESDEN.DE)Date: 10/09/01
- Previous message: Scott Schnoll: "Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A"
- In reply to: Rump: "Elevated guest account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3BC33FC1.17143.256519@localhost> Date: Tue, 9 Oct 2001 18:19:45 +0200 From: Frank Heyne <fh@RCS.URZ.TU-DRESDEN.DE> Subject: Re: Elevated guest account To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
On 19 Sep 2001, at 7:19, Rump wrote:
> After reading about the enabling and elevating of the guest account by
> the nimda virus I would like to point you all to this handy tool by Arne
> Vidstrom available here: http://ntsecurity.nu/toolbox/delguest/
> Just run delguest.exe /accept and reboot your machine. The guest account
> is then gone.
But be aware that this will give you no more security!
Anyone who is able to enable a disabled user account and to add this
account to the admin group is able to (re)create a deleted account as
well!
Frank Heyne
============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate
- Previous message: Scott Schnoll: "Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A"
- In reply to: Rump: "Elevated guest account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
