Microsoft Windows SMB Registry : Schedule Key Permission Weakness Local Privilege Escalation
High Nessus Plugin ID 10426
SynopsisLocal users can elevate their privileges.
DescriptionThe registry key SYSTEM\CurrentControlSet\Services\Schedule is writeable by users who are not in the admin group.
Since the scheduler runs with SYSTEM privileges, this allow a malicious user to gain these privileges on this system.
SolutionUse regedt32 and set the permissions of this key to :
- admin group : Full Control
- system : Full Control
- everyone : Read