Registry

Registry stored procedures could allow an attacker to retrieve information about the server, discover passwords, or elevate privileges. Care should be taken when removing them, however, because they are used by some Enterprise Manager features and service pack installers. Usually the best course of action is to ensure that their use is restricted to system administrators. Use of the SQL Profiler can pinpoint exactly how and when they are utilized.

• xp_regaddmultistring: Used to add a value to an existing multi-value string entry.
  • xp_regdeletekey: Deletes a registry key and its values if it has no subkeys.
  • xp_regdeletevalue: Deletes a specific registry value.
• xp_regenumkeys: Returns all subkeys of a registry key.
  • xp_regenumvalues: Returns all values below a registry key.
  • xp_regread: Returns the values of a particular key.
  • xp_regremovemultistring: Used to delete a value from an existing multi-value string entry.
  • xp_regwrite: Writes a specified value to an existing registry key.

In SQL Server 2000 each of these procedures also has a corresponding instance procedure: xp_instance_regaddmultistring, xp_ instance_regdeletekey, xp_ instance_regdeletevalue, xp_ instance_regenumkeys, xp_ instance_regenumvalues, xp_ instance_regread, xp_ instance_regremovemultistring, and xp_ instance_regwrite.