Solved

All XP functions containing 'xp_reg' should be removed

Posted on 2013-01-24
3
1,751 Views
Last Modified: 2014-03-18
I ran a vulnerability scan on my Windows 2008 server with SQL 2005 server and need to fix this;

"SQL Insecure Registry Access Commands Detected
Deny access to all store procedures that allow users to read or write the system's registry.  All XP functions containing 'xp_reg' should be removed or restricted from access."

Any idea what I need to do to fix this?
0
Comment
Question by:355LT1
3 Comments
 
LVL 7

Accepted Solution

by:
Ross Turner earned 500 total points
ID: 38813456
You Could try this to find any instances of xp_reg:
use master
select o.name,user_name(p.grantee_principal_id)
from sys.system_objects o, sys.database_permissions p
where o.object_id = p.major_id and
o.name like ‘xp_reg%’ and p.type=’EX’

Open in new window

Revoke execute permissions to registry procedures where not authorized.
From the query prompt:
revoke execute on <registry procedure name> from <user name>

Open in new window

0
 

Author Comment

by:355LT1
ID: 38813727
I executed these 5 commands in sqlcmd and there now results from 1-5

anything missing
0
 

Expert Comment

by:tnrdhdhllblly
ID: 39937936
Thanks so much! This helped tremendously.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: When running hybrid database environments, you often need to query some data from a remote db of any type, while being connected to your MS SQL Server database. Problems start when you try to combine that with some "user input" pass…
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now