Solved

All XP functions containing 'xp_reg' should be removed

Posted on 2013-01-24
3
1,731 Views
Last Modified: 2014-03-18
I ran a vulnerability scan on my Windows 2008 server with SQL 2005 server and need to fix this;

"SQL Insecure Registry Access Commands Detected
Deny access to all store procedures that allow users to read or write the system's registry.  All XP functions containing 'xp_reg' should be removed or restricted from access."

Any idea what I need to do to fix this?
0
Comment
Question by:355LT1
3 Comments
 
LVL 7

Accepted Solution

by:
Ross Turner earned 500 total points
ID: 38813456
You Could try this to find any instances of xp_reg:
use master
select o.name,user_name(p.grantee_principal_id)
from sys.system_objects o, sys.database_permissions p
where o.object_id = p.major_id and
o.name like ‘xp_reg%’ and p.type=’EX’

Open in new window

Revoke execute permissions to registry procedures where not authorized.
From the query prompt:
revoke execute on <registry procedure name> from <user name>

Open in new window

0
 

Author Comment

by:355LT1
ID: 38813727
I executed these 5 commands in sqlcmd and there now results from 1-5

anything missing
0
 

Expert Comment

by:tnrdhdhllblly
ID: 39937936
Thanks so much! This helped tremendously.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now