Microsoft Windows SMB Registry : SFCDisable Key Permission Weakness

This script is Copyright (C) 2000-2016 Tenable Network Security, Inc.


Synopsis :

Local users have full privileges on the remote host.

Description :

The registry key
HKLM\SOFTWARE\Microsoft\Windows NT\WinLogon\SFCDisable
is set to a value other than 0 or 4.

Any value other than 0 or 4 disables Windows File Protection, which
allows any user on the remote host to view / modify any file they
want.

This probably means that this host has been compromised.
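
An added example, not Tenable's plugin code: a PowerShell function that performs the check described above locally on a host and also reports the cases the description does not cover (key missing, value not set, value not a DWORD). The function name Get-SfcDisableStatus and its status labels are hypothetical; the default key path is the one printed above and can be overridden with -KeyPath.

```powershell
# Added example. Get-SfcDisableStatus and the Status strings are hypothetical names.
function Get-SfcDisableStatus {
    param(
        # Key path as printed in the description above; override for the host being audited.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\WinLogon',
        [string]$ValueName = 'SFCDisable'
    )

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        KeyPath  = $KeyPath
        Value    = $null
        Status   = $null
    }

    # Report a missing key instead of throwing, so a fleet-wide run keeps going.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.Status = 'KeyNotFound'
        return [pscustomobject]$result
    }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        # The value is absent; reported separately rather than guessed at.
        $result.Status = 'ValueNotSet'
        return [pscustomobject]$result
    }

    $result.Value = $key.GetValue($ValueName)
    $kind = $key.GetValueKind($ValueName)

    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Status = "UnexpectedType:$kind"   # wrong registry type, review by hand
    }
    elseif ($result.Value -in 0, 4) {
        $result.Status = 'Expected'               # 0 or 4, as the description requires
    }
    else {
        $result.Status = 'Flagged'                # any other value is what this plugin reports
    }
    [pscustomobject]$result
}

Get-SfcDisableStatus | Format-List
```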

See also :

http://www.nessus.org/u?4b1b4a46
http://support.microsoft.com/kb/q222473/

Solution :

Set the value of this key to 0. You should reinstall this host.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 10449

Bugtraq ID:

CVE ID:
