Security readout for executives and security teams
Plain-English summary
This entry flags a Windows NT system where a registry key that an application relies on has been set to an inappropriate value. It is a configuration observation rather than a specific software flaw, so the risk depends entirely on which key and which application are affected in a given environment.
Executive priority
Low priority for modern estates. Only material if Windows NT systems remain in use; in that case, prioritize decommissioning or isolating those hosts rather than treating this as a discrete patchable vulnerability.
Technical view
CVE-1999-0665 is a generic advisory noting that an application-critical Windows NT registry key contains an inappropriate value. The public record provides no vendor, product, CWE, CVSS, or exploitability data. It reads as a scanner-style finding used to flag misconfigured registry values that could weaken an application's security posture on legacy Windows NT hosts.
Likely exposure
Exposure is limited to legacy Windows NT systems still in production. Because the CVE does not name a product, exposure must be assessed by identifying NT hosts and reviewing whether any application-critical registry keys were altered from vendor-recommended values.
Exploitation context
No exploitation activity is cited. The record is not listed in CISA KEV and contains no CVSS or exploit references. Any real-world impact would depend on which application relies on the misconfigured key and whether the incorrect value weakens authentication, permissions, or integrity controls.
Researcher notes
This is a legacy, generic CVE with no product, CWE, CVSS, or reference bundle beyond the CVE Program entry itself. Treat it as a configuration audit signal rather than a discrete vulnerability. Analysts should map the finding to a specific application and registry path before acting, and confirm baseline values against current vendor guidance. Evidence is incomplete by design.
Mitigation direction
- Inventory any remaining Windows NT systems and prioritize their retirement or isolation.
- Review vendor hardening guides for each application's required registry values.
- Restore misconfigured registry keys to documented secure defaults.
- Restrict registry editing rights to trusted administrators only.
- Segment legacy NT hosts from general corporate and internet-facing networks.
Validation and detection
- Enumerate Windows NT hosts through asset inventory and network discovery.
- Compare application-critical registry keys against vendor baselines or CIS-style guidance.
- Audit registry ACLs to confirm only authorized accounts can modify keys.
- Monitor registry change events for unexpected modifications.
- Re-scan after remediation to confirm keys hold approved values.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-1999-0665 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://www.cve.org/CVERecord?id=CVE-1999-0665CVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
