Windows NT contains a vulnerability that could allow an unauthenticated, remote attacker to establish a NULL session connection. This connection could allow the attacker to read registry information and enumerate shares anonymously.
This vulnerability is named after a widely distributed exploit program, which featured a large red button to activate the exploit.
Administrators are advised to install Microsoft Windows NT 4.0 Service Pack 3 or the Windows NT 3.51 hotfix, additional information is available from Microsoft.
Administrators are advised to permit only authenticated users to list account names and to exclude anonymous connections from doing so. The following registry change will provide these limitations:
Edit the key
Choose Add Value from the Edit menu and input this entry:
Value Name: RestrictAnonymous
Data Type: REG_DWORD
Change the value to 1