SMB Insecurely Configured Service
High Nessus Plugin ID 44676
SynopsisAt least one insecurely configured Windows service on the remote host is affected by a privilege escalation vulnerability.
DescriptionAt least one insecurely configured Windows service was detected on the remote host. Unprivileged users can modify the properties of these affected services, allowing an unprivileged, local attacker to execute arbitrary code or commands as SYSTEM.
Nessus checked if any of the following groups have permissions to modify executable files that are started by Windows services :
- Domain Users
- Authenticated Users
SolutionEnsure the groups listed above do not have ChangeConf, WDac, or WOwn permissions. Refer to the Microsoft documentation for more information.