Article ID: 900934 - Last Review: October 11, 2007 - Revision: 1.3

Security update 896428 adds a new registry key that lets the Telnet client disclose additional environment variables in Windows Server 2003 and in Windows XP

View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

Microsoft security update 896428 (MS05-033) limits the environment variables that the Telnet client can disclose in Microsoft Windows Server 2003 and in Microsoft Windows XP. However, the security update also adds a new registry key that lets you specify additional environment variables that the Telnet client can disclose.

MORE INFORMATION


Security update 896428 adds the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetClient\AllowedEnvVariables
By default, the Telnet client lets the server request only the following environment variables:
  • USER
  • DISPLAY
  • SYSTEMTYPE
  • ACCT
  • JOB
  • PRINTER
  • SFUTLNTMODE
  • SFUTLNTVER
You can use the AllowedEnvVariables registry key to specify additional environment variables that can be disclosed by the Telnet client. The new key is created as a MULTI_SZ registry value.
APPLIES TO
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows XP Professional x64 Edition
Back to the top
Keywords: 
kbinfo kbtshoot kbsecurity KB900934
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations