CVE-1999-1356

Vulnerability

The Compaq Integration Maintenance Utility, included with Compaq Insight Manager agent versions prior to SmartStart 4.50, overwrites the Windows NT registry keys HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\LegalNoticeCaption and LegalNoticeText during upgrades [1]. This occurs specifically when upgrading to version 4.23b of the Insight Manager agent [1]. The utility replaces the legal notice with a message prompting the user to continue the installation after reboot, and upon completion, the keys are cleared, removing the original legal notice [1]. The issue was confirmed to be with the Integration Maintenance Utility, not the agent itself [3].

Exploitation

An attacker does not directly exploit this vulnerability; rather, it is a side effect of the legitimate upgrade process. The utility runs with sufficient privileges to modify the registry. No user interaction beyond initiating the upgrade is required. The vulnerability manifests during the upgrade procedure, where the legal notice is overwritten and later cleared [1].

Impact

The impact is a violation of security policy if the organization relies on the Windows NT legal notice to warn users before logon. The legal notice caption and text are removed, potentially allowing unauthorized users to bypass warnings that are required by policy. This is a loss of integrity of the security configuration, though no direct compromise of confidentiality or availability is reported [1].

Mitigation

The fix was included in SmartStart version 4.50, which was released the first week of November 1999 [3]. Users should upgrade to SmartStart 4.50 or later to prevent the overwriting of legal notice registry keys. No workaround is documented in the references; however, administrators could manually back up and restore the registry keys after the upgrade process [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.