Insecure Windows Service Permissions
This page outlines the vulnerability associated with insecure permissions on Windows services, where services configured with overly permissive access rights can lead to unauthorized modifications, including privilege escalation. This issue is particularly critical when non-administrative users or processes are granted 'Modify' (M) or 'Full Access' (F) rights to service executables.
- Severity: High
Exploiting insecure service permissions can enable attackers to modify service binaries or configurations, allowing for the execution of arbitrary code with elevated privileges. This can lead to full system compromise, data theft, and persistent access to the affected system.
The vulnerability is caused by inadequate permission settings on service executables or directories, where non-privileged users or groups (like Builtin Users) are granted extensive control (Modify or Full Access) over service files.
Securing Service Permissions: To mitigate this vulnerability, restrict service file permissions to prevent unauthorized changes.
- Review Current Permissions: Use the `icacls` command to view current permissions on service executables:

```cmd
icacls "path\to\service\executable.exe" 2>nul
```
- Restrict Permissions: Ensure that only administrative accounts have write access to service executables and configuration files. Use the following command to modify permissions securely:

```cmd
icacls "path\to\service\executable.exe" /grant "Administrators:F" /remove "Builtin\Users"
```
- Automate Permission Audits: Use scripting to periodically check and correct permissions across all services. The first loop writes the image path of every service whose binary is not under `system32` to a temporary file; the second runs `icacls` against each recorded path:

```cmd
for /f "tokens=2 delims='='" %a in ('wmic service list full^|find /i "pathname"^|find /i /v "system32"') do @echo %a >> c:\windows\temp\permissions.txt
for /f eol^=^"^ delims^=^" %a in (c:\windows\temp\permissions.txt) do cmd.exe /c icacls "%a"
```
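The following PowerShell script is an added example and is not code from the original wiki page; it covers both the review step (reading the (M)/(F) grants that `icacls` reports) and the audit step (the two `cmd` loops above). It enumerates services with `Get-CimInstance` instead of `wmic` (which is deprecated on current Windows builds), separates the image path from any arguments in `PathName` so that `icacls` is not handed a command line, and reports only Allow ACEs that give a low-privileged principal a write-capable right. The principal list and the rights mask are this example's own choices and should be extended for your environment; it assumes an elevated PowerShell 5.1 or later session, and the `-Fix` switch applies the same `icacls` remediation the page shows.

```powershell
# Added example (not from the original page): audit service binaries outside the Windows
# directory for write-capable ACEs held by low-privileged principals, optionally remediate.
# Assumptions: elevated PowerShell 5.1+ session; principal list and rights mask are ours.

# Principals that should never hold write-capable rights on a service binary.
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'BUILTIN\Guests'
)

# Modify (M) and FullControl (F) are the grants the page names; the remaining rights are
# narrower entries that still let the holder replace the binary or rewrite its ACL.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Modify -bor
    [System.Security.AccessControl.FileSystemRights]::FullControl -bor
    [System.Security.AccessControl.FileSystemRights]::WriteData -bor
    [System.Security.AccessControl.FileSystemRights]::Delete -bor
    [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
    [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Get-ServiceBinaryPath {
    # Extract the image path from a Win32_Service.PathName value, which may be quoted,
    # unquoted, contain environment variables, and be followed by arguments.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $PathName = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($PathName.StartsWith('"')) {
        $close = $PathName.IndexOf('"', 1)
        if ($close -gt 1) { return $PathName.Substring(1, $close - 1) }
        return $PathName.Trim('"')
    }
    # Unquoted: the image path ends at the first ".exe" token; anything after it is arguments.
    $m = [regex]::Match($PathName, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $PathName.Split(' ')[0]
}

function Find-WeakServiceBinaryAcl {
    # Returns one object per weak ACE; -Fix also applies the page's icacls remediation.
    param([switch]$Fix)
    $findings = @()
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }
        # Skip the Windows directory, as the page's loop does with 'find /i /v "system32"'.
        if ($exe -like "$env:SystemRoot\*") { continue }
        $acl = Get-Acl -LiteralPath $exe
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.FileSystemRights -band $WriteRights) -eq 0) { continue }
            $findings += [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Binary    = $exe
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
            if ($Fix) {
                # Same effect as the page's command: drop the weak grant, keep Administrators:F.
                # An inherited ACE cannot be removed directly, so disable inheritance first
                # (/inheritance:d copies the current ACEs as explicit entries).
                if ($ace.IsInherited) { & icacls.exe $exe /inheritance:d | Out-Null }
                & icacls.exe $exe /remove:g $ace.IdentityReference.Value /grant 'Administrators:F' | Out-Null
            }
        }
    }
    return $findings
}

# Usage: report only; add -Fix to remediate each finding.
Find-WeakServiceBinaryAcl | Format-Table -AutoSize
```

The `Inherited` column is worth checking before remediating: a weak ACE inherited from a directory such as a vendor's install folder means the parent directory is the real problem, and fixing the file alone leaves the directory writable so the binary can still be replaced or a DLL dropped beside it. The `RunsAs` column tells you how severe a finding is; a writable binary for a service running as `LocalSystem` is the case the page's High severity refers to.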