Microsoft Windows SMB Registry : Key Permissions Path Subversion Local Privilege Escalation
High Nessus Plugin ID 10432
Synopsis
Local users can gain SYSTEM privileges.
Description
Some SYSTEM registry keys can be written by non-administrators.
These keys contain paths to common programs and DLLs. A user who can change a path can place a trojan program in another location (say C:/temp) and point the key to it.
Solution
Use regedt32 and set the permissions of this key to:
- admin group : Full Control
- system : Full Control
- everyone : Read
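
One way to check a key against the permissions listed above, as an added PowerShell example that is not part of the plugin or its output. The function name and the `KeyPath` placeholder are hypothetical; the allow-list is assumed to be exactly the two principals the solution names, so any other writer is listed for review.

```powershell
# Added example: audit one registry key against the recommended ACL.
# Assumption: only these two principals may hold write-class rights.
$AllowedWriterSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
)

# Rights that let a principal change values, subkeys, links, the DACL or the owner:
# SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership,
# plus GENERIC_WRITE and GENERIC_ALL, which can appear unmapped on inherit-only ACEs.
$WriteMask = 0x2 -bor 0x4 -bor 0x20 -bor 0x10000 -bor 0x40000 -bor 0x80000 `
             -bor 0x40000000 -bor 0x10000000

function Get-UnexpectedRegistryWriter {
    param(
        [Parameter(Mandatory)]
        [string]$KeyPath   # placeholder, e.g. 'HKLM:\<key under review>'
    )

    $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        # Deny entries and read-only entries cannot be used to redirect a path.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.RegistryRights -band $WriteMask) -eq 0) { continue }

        # Compare by SID so localized or renamed group names do not matter.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($AllowedWriterSids -contains $sid) { continue }

        [pscustomobject]@{
            Key       = $KeyPath
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}
```

An empty result means no principal other than Administrators and SYSTEM holds write-class rights on the key; an `Inherited` value of True means the entry has to be corrected on a parent key.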