Microsoft KB Archive/900934

= Security update 896428 adds a new registry key that lets the Telnet client disclose additional environment variables in Windows Server 2003 and in Windows XP =

Article ID: 900934

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows XP Professional x64 Edition

-



INTRODUCTION
Microsoft security update 896428 (MS05-033) limits the environment variables that the Telnet client can disclose in Microsoft Windows Server 2003 and in Microsoft Windows XP. However, the security update also adds a new registry key that lets you specify additional environment variables that the Telnet client can disclose.



MORE INFORMATION
Security update 896428 adds the following registry subkey:

By default, the Telnet client lets the server request only the following environment variables:
 * USER
 * DISPLAY
 * SYSTEMTYPE
 * ACCT
 * JOB
 * PRINTER
 * SFUTLNTMODE
 * SFUTLNTVER

You can use the AllowedEnvVariables registry key to specify additional environment variables that can be disclosed by the Telnet client. The new key is created as a MULTI_SZ registry value.

Keywords: kbinfo kbtshoot kbsecurity KB900934

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.