CVE-2000-0089: The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive infor

Severity: Low
Type: Vulnerability
CVE: CVE-2000-0089
Published: Fri Feb 04 2000 (02/04/2000, 05:00:00 UTC)
Source: NVD
Vendor/Project: microsoft
Product: windows_nt

Description

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

AI-Powered Analysis

Last updated: 07/01/2025, 04:40:39 UTC

Technical Analysis

CVE-2000-0089 is a vulnerability identified in the rdisk utility of Microsoft Terminal Server Edition and Windows NT 4.0. The issue arises because the rdisk utility stores registry hive information in a temporary file with overly permissive access controls. Specifically, local users can read this temporary file, which contains sensitive registry hive data. This exposure can lead to unauthorized disclosure of potentially sensitive configuration information stored in the registry hives. The vulnerability does not allow modification or deletion of data, nor does it enable remote exploitation or denial of service. It is a local information disclosure vulnerability that requires local access to the affected system. The CVSS score assigned is 2.1 (low severity), reflecting the limited impact and the requirement for local access without authentication. A patch addressing this vulnerability was released by Microsoft in the MS00-004 security bulletin. No known exploits have been reported in the wild, indicating limited active exploitation. The vulnerability primarily affects legacy systems running Windows NT 4.0 and Terminal Server Edition, which are largely obsolete in modern environments.

Potential Impact

For European organizations, the direct impact of this vulnerability today is minimal due to the obsolescence of Windows NT 4.0 and Terminal Server Edition in enterprise environments. However, organizations that still maintain legacy systems for critical operations or compliance reasons could be at risk of local information disclosure. An attacker with local access could leverage this vulnerability to gather registry hive information, potentially aiding in further privilege escalation or lateral movement within the network. While the confidentiality impact is limited to information disclosure, it could facilitate more sophisticated attacks if combined with other vulnerabilities. The vulnerability does not affect system integrity or availability. Given the age of the affected products, most European organizations have likely migrated to newer Windows versions, reducing the practical risk. Nonetheless, legacy systems in sectors such as manufacturing, utilities, or government that have long upgrade cycles might still be vulnerable.

Mitigation Recommendations

European organizations should ensure that all legacy Windows NT 4.0 and Terminal Server Edition systems are either decommissioned or upgraded to supported operating systems with current security patches. For environments where legacy systems must remain operational, apply the Microsoft patch MS00-004 immediately to remediate the vulnerability. Additionally, restrict local access to these legacy systems by enforcing strict physical and network access controls, such as limiting user accounts with local login privileges and using network segmentation to isolate legacy systems. Employ monitoring and auditing to detect unauthorized local access attempts. Consider using host-based intrusion detection systems (HIDS) to alert on suspicious file access or privilege escalation attempts. Finally, document and regularly review legacy system inventories to identify and prioritize remediation of unsupported software.

Threat ID: 682ca32db6fd31d6ed7df7f8

Added to database: 5/20/2025, 3:43:41 PM

Last enriched: 7/1/2025, 4:40:39 AM

Last updated: 7/27/2025, 1:46:16 AM
