[6984] in cryptography@c2.net mail archive
Re: MS on NSA_KEY in Windows
daemon@ATHENA.MIT.EDU (Greg Reynolds)
Tue May 2 16:09:39 2000
Message-ID: <390EE961.7809@earthlink.net>
Date: Tue, 02 May 2000 10:42:41 -0400
From: Greg Reynolds <gregreynolds@earthlink.net>
Reply-To: gregreynolds@earthlink.net
MIME-Version: 1.0
To: Sergio Tabanelli <sergio.tabanelli@fst.it>
Cc: cryptography@c2.net
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sergio Tabanelli wrote:
>
> Recently I posted to some mailing lists, questions and observation about a
> new strange functionality in W2K called OffloadModExpo. Some of these were
> about a strange coincidence, I've never found a distribution which
> contemporary use the _NSAKEY and the
> OffloadModExpo functionality. I’ve also privately presented all the
> following considerations to Scott Culp of the Microsoft Security Response
> Center, a very interesting discussion followed my signaling. If someone is
> interested I can make it public.
>
> This is my posting to public mailing lists:
>
> >>
> Microsoft has released a new security bulletin
> (http://www.microsoft.com/technet/security/bulletin/ms00-024.asp)
> about a vulnerability in the NT registry permission setting for a
> functionality called OffloadModExpo. I thanks Microsoft and Scott Culp for
> the Acnowledgments.
> This is the full story:
<snip background discussion>
Love to hear the response from Scott & Co. The hole you found in NT was
big enough to cause a lot of trouble.
Greg
