Microsoft Windows SMB Registry : NT RAS Administration Registry Key Permission Weakness Local Privilege Escalation

This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.


Synopsis :

Local users can gain additional privileges.

Description :

This script checks whether the following key can be modified by
non-admins :

HKLM\Software\Microsoft\Windows\RAS

Write access to this key allows an unprivileged user to gain
additional privileges.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms00-095

Solution :

Use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:W/RC:ND)

Family: Windows

Nessus Plugin ID: 10567 ()

Bugtraq ID: 2064

CVE ID: CVE-2001-0045

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now