Security update 896428 adds a new registry key that lets the Telnet client disclose additional environment variables in Windows Server 2003 and in Windows XP (900934)

The information in this article applies to:

Microsoft Windows XP Home Edition
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional
Microsoft Windows XP Tablet PC Edition
Microsoft Windows Server 2003, Enterprise Edition
Microsoft Windows Server 2003, Standard Edition
Microsoft Windows XP Professional x64 Edition

INTRODUCTION

Microsoft security update 896428 (MS05-033) limits the environment variables that the Telnet client can disclose in Microsoft Windows Server 2003 and in Microsoft Windows XP. However, the security update also adds a new registry key that lets you specify additional environment variables that the Telnet client can disclose.

MORE INFORMATION

Security update 896428 adds the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetClient\AllowedEnvVariables

By default, the Telnet client lets the server request only the following environment variables:

USER
DISPLAY
SYSTEMTYPE
ACCT
JOB
PRINTER
SFUTLNTMODE
SFUTLNTVER

You can use the AllowedEnvVariables registry key to specify additional environment variables that can be disclosed by the Telnet client. The new key is created as a MULTI_SZ registry value.

Modification Type:	Major	Last Reviewed:	6/14/2005
Keywords:	kbSecurity kbtshoot kbinfo KB900934 kbAudITPRO kbAudEndUser kbAudDeveloper