Insecure Windows Service Permissions

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

At least one improperly configured Windows service may have a
privilege escalation vulnerability.

Description :

At least one Windows service executable with insecure permissions was
detected on the remote host. Services configured to use an executable
with weak permissions are vulnerable to privilege escalation attacks.
An unprivileged user could modify or overwrite the executable with
arbitrary code, which would be executed the next time the service is
started. Depending on the user that the service runs as, this could
result in privilege escalation.

This plugin checks if any of the following groups have permissions to
modify executable files that are started by Windows services :

- Everyone
- Users
- Domain Users
- Authenticated Users

See also :

http://www.nessus.org/u?e4e766b2

Solution :

Ensure the groups listed above do not have permissions to modify or
write service executables. Additionally, ensure these groups do not
have Full Control permission to any directories that contain service
executables.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 65057 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now