Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Security update 896428 adds a new registry key that lets the Telnet client disclose additional environment variables in Windows Server 2003 and in Windows XP


View products that this article applies to.

Introduction

Microsoft security update 896428 (MS05-033) limits the environment variables that the Telnet client can disclose in Microsoft Windows Server 2003 and in Microsoft Windows XP. However, the security update also adds a new registry key that lets you specify additional environment variables that the Telnet client can disclose.

↑ Back to the top


More information


Security update 896428 adds the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetClient\AllowedEnvVariables
By default, the Telnet client lets the server request only the following environment variables:
  • USER
  • DISPLAY
  • SYSTEMTYPE
  • ACCT
  • JOB
  • PRINTER
  • SFUTLNTMODE
  • SFUTLNTVER
You can use the AllowedEnvVariables registry key to specify additional environment variables that can be disclosed by the Telnet client. The new key is created as a MULTI_SZ registry value.

↑ Back to the top


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

↑ Back to the top


Keywords: KB900934, kbinfo, kbtshoot, kbsecurity

↑ Back to the top

Article Info
Article ID : 900934
Revision : 3
Created on : 7/8/2010
Published on : 7/8/2010
Exists online : False
Views : 535