Microsoft Windows SMB Registry : Schedule Key Permission Weakness Local Privilege Escalation

high Nessus Plugin ID 10426

Synopsis

Local users can elevate their privileges.

Description

The registry key SYSTEM\CurrentControlSet\Services\Schedule is writeable by users who are not in the admin group.

Since the scheduler runs with SYSTEM privileges, this allows a malicious user to gain these privileges on this system.

Solution

Use regedt32 and set the permissions of this key to:

- admin group : Full Control
- system : Full Control
- everyone : Read
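
To confirm the key matches the permissions listed above, the following PowerShell audit can be run on the host. It is an added example, not part of the Nessus plugin; the allowlist of Administrators and SYSTEM is taken from the Solution above, and the variable names are illustrative.

```powershell
# Added example: list ACEs on the Schedule service key that grant write-type
# access to any principal other than Administrators or SYSTEM.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Schedule'

# Well-known SIDs for the two principals the Solution allows Full Control.
$trustedSids = @('S-1-5-32-544', 'S-1-5-18')   # BUILTIN\Administrators, NT AUTHORITY\SYSTEM

# Rights that let a principal change the key, its values, or its ACL/owner.
$writeMask = [int]([System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership')
# ACEs can also carry unmapped generic rights: GENERIC_ALL and GENERIC_WRITE.
$genericMask = 0x10000000 -bor 0x40000000

$acl = Get-Acl -Path $keyPath

# Include explicit and inherited ACEs, resolved to SIDs so the comparison
# does not depend on the display language of the system.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Value
    if ($trustedSids -contains $sid) { continue }

    $rights = [int]$ace.RegistryRights
    if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
        # Resolve the SID to a name for the report; keep the SID if it cannot be resolved.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Principal   = $name
            Sid         = $sid
            Rights      = $ace.RegistryRights
            Inherited   = $ace.IsInherited
            Propagation = $ace.PropagationFlags   # InheritOnly ACEs affect subkeys, not the key itself
        }
    }
}

if ($findings) {
    Write-Warning "Principals other than Administrators/SYSTEM can modify $keyPath"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-type access for other principals on $keyPath"
}
```

Extend `$trustedSids` if your baseline intentionally grants other service accounts write access to this key.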

Plugin Details

Severity: High

ID: 10426

File Name: smb_reg_schedule.nasl

Version: Revision: 1.29

Type: local

Agent: windows

Family: Windows

Published: 5/29/2000

Updated: 1/12/2015

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_access, SMB/transport

Reference Information

CVE: CVE-1999-0589