Microsoft Windows Page File pagefile.sys Information Disclosure

1999-06-07T00:00:00
ID OSVDB:9359
Type osvdb
Reporter OSVDB
Modified 1999-06-07T00:00:00

Description

Vulnerability Description

Windows contains a flaw that may lead to an unauthorized information disclosure. This flaw is due to the Windows paging file (Pagefile.sys) not being cleared when the system is shutdown. This flaw may present the sensitive information stored in memory in the paging file, including some plain passwords used by third-party program. This flaw may lead to a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Modify the registry to enable page file clearing.

  1. Start Registry Editor.
  2. Change the data value of the ClearPageFileAtShutdown value in the following registry key to a value of 1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ Memory Management

If the value does not exist, add the following value: Value Name: ClearPageFileAtShutdown Value Type: REG_DWORD Value: 1

  1. Restart your computer for the change to take effect

Short Description

Windows contains a flaw that may lead to an unauthorized information disclosure. This flaw is due to the Windows paging file (Pagefile.sys) not being cleared when the system is shutdown. This flaw may present the sensitive information stored in memory in the paging file, including some plain passwords used by third-party program. This flaw may lead to a loss of confidentiality.

References:

Microsoft Knowledge Base Article: Q182086 ISS X-Force ID: 2551 ISS X-Force ID: 216 CVE-1999-0595