Microsoft Windows SMB Registry : Key Permission Weakness Admin Privilege Escalation
High Nessus Plugin ID 10430
SynopsisLocal users can gain administrator privileges.
DescriptionThe following keys contain the name of the program that shall be started when the computer starts. The users who have the right to modify them can easily make the admin run a Trojan program that will give them admin privileges.
SolutionUse regedt32 and set the permissions of this key to :
- Admin group : Full Control
- System : Full Control
- Everyone : Read
Make sure that 'Power Users' do not have any special privilege for this key.