UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

SQL Server Profiler must be protected from unauthorized access, modification, or removal.


Overview

Finding ID Version Rule ID IA Controls Severity
V-67797 SQL4-00-013910 SV-82287r1_rule Medium
Description
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. SQL Server Profiler is one such tool. If an attacker were to gain access to audit tools, he could analyze audit logs for system weaknesses or weaknesses in the auditing itself. An attacker could also manipulate logs to hide evidence of malicious activity.
STIG Date
MS SQL Server 2014 Instance Security Technical Implementation Guide 2016-06-27

Details

Check Text ( C-68365r1_chk )
In Windows Explorer, navigate to :\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn. Right-click on the file PROFILER.EXE; select Properties. Click on the Security tab. Review the users and groups listed, and the permissions granted to each.

If PROFILER.EXE can be executed or modified by any unauthorized users, this is a finding.
Fix Text (F-73913r1_fix)
Apply or modify permissions on PROFILER.EXE to make it accessible by authorized personnel only.