Microsoft Windows SMB Registry : Schedule Key Permission Weakness Local Privilege Escalation

High Nessus Plugin ID 10426


Local users can elevate their privileges.


The registry key SYSTEM\CurrentControlSet\Services\Schedule is writeable by users who are not in the admin group.

Since the scheduler runs with SYSTEM privileges, this allow a malicious user to gain these privileges on this system.


Use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

Plugin Details

Severity: High

ID: 10426

File Name: smb_reg_schedule.nasl

Version: $Revision: 1.29 $

Type: local

Agent: windows

Family: Windows

Published: 2000/05/29

Modified: 2015/01/12

Dependencies: 10394, 10150, 10400

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/registry_access

Reference Information

CVE: CVE-1999-0589