Microsoft Windows SMB Registry : Registry HKLM_LOCAL_MACHINE Permissions

High Nessus Plugin ID 10427


System settings are writable by non admin.


The registry key HKEY_LOCAL_MACHINE is writeable by users who are not in the admin group.

This allows these users to create a lot of keys on that machine, thus they can probably to get admin easily.

Such a configuration probably means that the system has been compromised.


use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

Plugin Details

Severity: High

ID: 10427

File Name: smb_reg_hklm.nasl

Version: $Revision: 1.27 $

Type: local

Agent: windows

Family: Windows

Published: 2000/05/29

Modified: 2015/01/12

Dependencies: 10400, 10394, 10150

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/registry_access

Vulnerability Publication Date: 1995/01/01

Reference Information

CVE: CVE-1999-0589

OSVDB: 331, 332, 334