OS/2 subsystem enabled (OS/2 Subsystem Enabled)

Vuln ID: 218
Risk Level: Low
Platforms: Microsoft Windows NT: 4.0, Microsoft Windows 2000
Description:

The OS/2 subsystem is enabled. Enabling the OS/2 subsystem can allow a process to persist across logins.

Remedy:

Change the registry to remove access to the OS/2 subsystem and remove the file that controls the OS/2 subsystem.

CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.

To remove the OS/2 subsystem from Windows NT:

  1. Open the Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
  2. Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems key.
  3. Locate the Os2 value.
  4. Write down the file name that is referenced by the value's data.
  5. Delete the registry value.

To remove the files associated with the OS/2 subsystem:

  1. Open Windows NT Explorer or My Computer.
  2. Using the path and file name you noted in step 4 above, delete the file that used to be referenced by the registry.
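
A read-only check for the condition this remedy addresses, added here as an example and not part of the original advisory: it reads the SubSystems key, reports whether the Os2 value is present, and resolves the file its data references (the file noted in step 4). The function names, the `C:\WINNT` default for `%SystemRoot%`, and the sample data are assumptions made for illustration.

```python
import ntpath
import re

# Key from step 2 of the remedy (under HKEY_LOCAL_MACHINE).
SUBSYSTEMS_KEY = r"System\CurrentControlSet\Control\Session Manager\SubSystems"

# Constructed sample of value name -> data, not captured from a real host.
SAMPLE = {"Debug": "", "Os2": r"%SystemRoot%\system32\os2ss.exe"}


def read_subsystems(host=None):
    """Read every value of the SubSystems key; host=None is the local machine."""
    import winreg  # Windows only; imported here so audit_os2 stays portable
    values = {}
    with winreg.ConnectRegistry(host, winreg.HKEY_LOCAL_MACHINE) as hive:
        with winreg.OpenKey(hive, SUBSYSTEMS_KEY) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, data, _type = winreg.EnumValue(key, i)
                values[name] = data
    return values


def audit_os2(values, system_root=r"C:\WINNT"):
    """Report whether the Os2 value exists and which file its data references."""
    # Registry value names are case-insensitive.
    by_name = {name.lower(): data for name, data in values.items()}
    data = by_name.get("os2")
    if data is None:
        return {"enabled": False, "data": None, "file": None}
    # The data is a command line: keep the image path, drop any arguments.
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', data)
    image = (m.group(1) or m.group(2)) if m else ""
    # system_root is an assumption; it must match the audited host's %SystemRoot%.
    expanded = re.sub(r"%SystemRoot%", lambda _: system_root, image, flags=re.I)
    return {"enabled": True, "data": data,
            "file": ntpath.normpath(expanded) if expanded else None}


if __name__ == "__main__":
    print(audit_os2(SAMPLE))
```

On a Windows host, pass the result of `read_subsystems()` to `audit_os2()` in place of `SAMPLE`.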
Required Permission: Windows login
Additional Information:

References:

Microsoft Knowledge Base Article 105992
Windows NT Subsystems and Associated Files
http://support.microsoft.com/default.aspx?scid=kb;[LN];105992

ISS X-Force
OS/2 subsystem enabled
http://www.iss.net/security_center/static/218.php

CVE
CVE-1999-0654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0654

