Security update 896428 adds a new registry key that lets the Telnet client disclose additional environment variables in Windows Server 2003 and in Windows XP

View products that this article applies to.

Article ID	:	900934
Last Review	:	October 11, 2007
Revision	:	1.3

INTRODUCTION

Microsoft security update 896428 (MS05-033) limits the environment variables that the Telnet client can disclose in Microsoft Windows Server 2003 and in Microsoft Windows XP. However, the security update also adds a new registry key that lets you specify additional environment variables that the Telnet client can disclose.

MORE INFORMATION

Security update 896428 adds the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetClient\AllowedEnvVariables

By default, the Telnet client lets the server request only the following environment variables:

•	USER
•	DISPLAY
•	SYSTEMTYPE
•	ACCT
•	JOB
•	PRINTER
•	SFUTLNTMODE
•	SFUTLNTVER

You can use the AllowedEnvVariables registry key to specify additional environment variables that can be disclosed by the Telnet client. The new key is created as a MULTI_SZ registry value.

APPLIES TO

•	Microsoft Windows XP Home Edition
•	Microsoft Windows XP Media Center Edition
•	Microsoft Windows XP Professional
•	Microsoft Windows XP Tablet PC Edition
•	Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
•	Microsoft Windows Server 2003, Standard Edition (32-bit x86)
•	Microsoft Windows XP Professional x64 Edition

Back to the top

kbinfo kbtshoot kbsecurity KB900934

Article Translations

Related Support Centers

Other Support Options

Need More Help?
Contact a Support professional by E-mail, Online or Phone.
Customer Service
For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
Newsgroups
Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.