Everyone security hole


When a properly authenticated user logs on locally to a Windows NT computer, that user becomes a member of the Everyone group. The default permissions on the keys below allow members of the “Everyone” group Special Access, which includes the right to Set Values or Create Subkeys. This allows members of the “Everyone” group to create an entry under the Run and RunOnce keys that contains the name of a program to run when the computer starts. The Uninstall key defines the programs to run when you remove an application.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


Because there is a potential for the abuse of this level of
rights, you may want to reset these permissions.

A. From the Security menu, click Permissions.
B. Click “Replace Permissions on Existing Subkeys” so that it is selected.
C. Click Everyone, change the Type Of Access to Read, and then click OK.
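
To confirm that the reset took effect, or to find hosts that still grant Everyone write access on the three keys above, the ACLs can be read back and filtered. This is an added example, not part of the original article; it assumes a Windows system with PowerShell 3 or later, and the function name Get-EveryoneWriteAce is hypothetical.

```powershell
# Keys named on this page (HKLM: is the PowerShell drive for HKEY_LOCAL_MACHINE).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Well-known SID of the Everyone group; matching on the SID also works on localized systems.
$everyoneSid = 'S-1-1-0'

# Set Value and Create Subkey are the rights the page calls out; the other three
# are added here because they also let the holder alter the key or its ACL.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Hypothetical helper name. Assumption: ACEs carry registry-specific rights;
# generic-rights bits are not decoded.
function Get-EveryoneWriteAce {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Key not found: $p"
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        # Explicit and inherited ACEs, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            if ($r.IdentityReference.Value -ne $everyoneSid) { continue }
            if ($r.AccessControlType -ne 'Allow') { continue }
            $hit = [int]$r.RegistryRights -band [int]$writeRights
            if ($hit -ne 0) {
                [pscustomobject]@{
                    Key       = $p
                    Rights    = [System.Security.AccessControl.RegistryRights]$hit
                    Inherited = $r.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-EveryoneWriteAce -Path $keys)
if ($findings.Count -eq 0) {
    'No write-capable Allow ACE for Everyone on the audited keys.'
} else {
    $findings | Format-Table -AutoSize
}
```

An empty result after step C means Everyone is left with read-type access only on these keys.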

Several sources recommend modifying the following subkeys so that the
Everyone group has only Query Value, Read Control, Enumerate Subkeys, and
Notify access.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status
HKEY_CLASSES_ROOT
