Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32282 | WN08-RG-000002 | SV-48295r2_rule | ECCD-1 ECCD-2 | High |
Description |
---|
Permissions on the Active Setup\Installed Components registry key must only allow privileged accounts to add or change registry values. If standard user accounts have this capability, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
STIG | Date |
---|---|
Windows 8 / 8.1 Security Technical Implementation Guide | 2015-11-30 |
Check Text ( C-64139r1_chk ) |
---|
Run "Regedit". Navigate to the following registry keys and review the permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems) If the default permissions listed below have been changed, this is a finding. Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read |
Fix Text (F-69319r1_fix) |
---|
Maintain the default permissions of the following registry keys as noted below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems only) Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read |