SMB Insecurely Configured Service

High Nessus Plugin ID 44676

Synopsis

At least one insecurely configured Windows service on the remote host
is affected by a privilege escalation vulnerability.

Description

At least one insecurely configured Windows service was detected on the
remote host. Unprivileged users can modify the properties of these
affected services, allowing an unprivileged, local attacker to execute
arbitrary code or commands as SYSTEM.

Nessus checked if any of the following groups have permissions to
modify executable files that are started by Windows services :

- Everyone
- Users
- Domain Users
- Authenticated Users

Solution

Ensure the groups listed above do not have ChangeConf, WDac, or WOwn
permissions. Refer to the Microsoft documentation for more
information.

See Also

http://www.nessus.org/u?cb6c1e24

https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights

Plugin Details

Severity: High

ID: 44676

File Name: smb_insecure_service_config.nbin

Version: 1.101

Type: local

Agent: windows

Family: Windows

Published: 2010/02/22

Modified: 2019/01/09

Dependencies: 10456

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H