Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1152 | 3.030 | SV-32260r1_rule | ECCD-1 ECCD-2 | High |
Description |
---|
This is a Category I finding, because this vulnerability allows an anonymous individual read-access and write-access to some parts of the registry. The permissions set for the Winreg subkey determine who can remotely connect to a registry. If this subkey does not exist, all users can remotely connect to the registry. To remotely connect to a registry, a user must have at least Read Access to the Winreg subkey on the target computer. The Everyone group, which is given permissions by the default installation, typically has at least enough access allowed to browse. Therefore, the capability for an anonymous user to access the registry over the network must be prevented. |
STIG | Date |
---|---|
Windows Server 2008 R2 Member Server Security Technical Implementation Guide | 2014-04-02 |
Check Text ( C-32710r1_chk ) |
---|
Using the Registry Editor, navigate to the following key: HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg If the permissions are not at least as restrictive as those below, then this is a finding. Administrators - Full Backup Operators - Read(QENR) Local Service - Read This is enforcing the default permissions. |
Fix Text (F-90r1_fix) |
---|
Configure the system to prevent anonymous users from gaining access to the Registry. |