Microsoft Windows SMB Registry : Key Permission Weakness Admin Privilege Escalation

This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.


Synopsis :

Local users can gain administrator privileges.

Description :

The following keys contain the name of the program that shall be
started when the computer starts. The users who have the right to
modify them can easily make the admin run a Trojan program that will
give them admin privileges.

Solution :

Use regedt32 and set the permissions of this key to :

- Admin group : Full Control
- System : Full Control
- Everyone : Read

Make sure that 'Power Users' do not have any special privilege for
this key.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 10430 ()

Bugtraq ID:

CVE ID: CVE-1999-0589

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now