Microsoft Product Support Services   All Products  |   Support  |   Search  |   microsoft.com Home  
microsoft.com
  Support Home  |   Self Support  |   Assisted Support  |   Custom Support  |   Worldwide Support  |

Registry-Invoked Programs Use Standard Search Path


The information in this article applies to:
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Server, Enterprise Edition version 4.0
  • Microsoft Windows NT Workstation version 4.0
  • Microsoft Windows NT Server version 4.0, Terminal Server Edition


SYMPTOMS

It may be possible for a malicious user to place a program named Explorer.exe in the C:\ folder (the root of drive C) so that it is run in place of the standard Windows shell program. By default, the share permissions on the C:\ folder are set to Everyone Full Access. Anyone who has access to this share, either locally or through a network connection, can place a program there that is run before the Explorer.exe shell.


CAUSE

This issue can occur when you start a program by using a registry key if the entry does not specify an absolute path. Without a complete path, a standard path search order is followed. For example, the Shell value in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key has a default value of "Explorer.exe" without any path information. During startup, when this value is read (without an explicit path), Windows attempts to locate the program by using a folder search. Contrary to the Windows 2000 documentation, the C:\ folder is the first location that is checked. Any program located there that is named Explorer.exe is run in place of the correct shell program.


RESOLUTION

Windows 2000

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to computers that are experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://support.microsoft.com/directory/overview.asp
The following file is available for download from the Microsoft Download Center. Click the file name below to download the file:
Q269049_w2k_sp2_x86_en.exe
For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   Date      Time    Size     File name
   ---------------------------------------
   07/18/00  05:07p  331,536  Msgina.dll
   07/18/00  05:07p   17,680  Userinit.exe 

Windows NT 4.0

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to computers that are experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0 service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://support.microsoft.com/directory/overview.asp
The following files are available for download from the Microsoft Download Center. Click the file names below to download the files:
x86: Q269049i.exe
Alpha: Q269049a.exe
For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   Date      Time    Size     File name   Platform
   -----------------------------------------------
   07/18/00  07:27p  124,176  Msgina.dll  Intel
   07/18/00  07:25p  160,528  Msgina.dll  Alpha 

Windows NT Server 4.0, Terminal Server Edition

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to computers that are experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0, Terminal Server Edition, service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://support.microsoft.com/directory/overview.asp
The following files are available for download from the Microsoft Download Center. Click the file names below to download the files:
x86: Q269049i.exe
Alpha: Q269049a.exe
For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   Date      Time    Size     File name   Platform
   -----------------------------------------------
   07/18/00  07:22p  207,120  Msgina.dll  Intel
   07/18/00  07:08p  259,344  Msgina.dll  Alpha 


STATUS

Windows 2000

Microsoft has confirmed this to be a problem in Windows 2000.

Windows NT 4.0

Microsoft has confirmed this to be a problem in Windows NT 4.0.

Windows NT Server 4.0, Terminal Server Edition

Microsoft has confirmed this to be a problem in Windows NT Server 4.0, Terminal Server Edition.


MORE INFORMATION

For related information about this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms00-053.asp
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security/
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
Q249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Additional query words:

Keywords : kbdocerr kbWin2000PreSP2Fix
Issue type : kbbug
Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400search kbwin2kAdvSer kbwin2kAdvSerSearch kbwin2kS kbWinNTSsearch kbWinNTSEntSearch kbWinNTS400search kbWinNTS400 kbwin2kSSearch kbwin2kSearch kbwin2kProSearch kbwin2kPro kbNTTermServ400 kbNTTermServSearch


Last Reviewed: November 15, 2000
2000 Microsoft Corporation. All rights reserved. Terms of Use.


Article ID: Q269049

Last Reviewed:
November 15, 2000

Send to a friend

Provided by
Microsoft Product Support Services


Did the information in this article help answer your question?

Yes
No
Did not apply

Please provide additional comments about this information.
(255 character max)