Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6830 | 5.112 | SV-29740r1_rule | ECSC-1 | Medium |
Description |
---|
DCOM calls are executed under the security context of the calling user by default. If the RunAs key has been altered, the DCOM calls can be executed under the user context of the currently logged in user, or as a third user. If present, the RunAs value tells the COM Service Control Manager (SCM) the name of the account under which the server is to be activated. In addition to the account name, the COM SCM must also have the password of the account. The result of a successful logon is a security context (token) for the named account that is used as the primary token for the new COM server process. Administrators should not use this method in the evaluated configuration if accountability is required, since accountability cannot be enforced. RunAs values will be removed. |
STIG | Date |
---|---|
Windows Vista Security Technical Implementation Guide | 2015-03-09 |
Check Text ( C-3107r1_chk ) |
---|
·Using the Registry Editor, go to the following Registry key: HKLM\Software\Classes\Appid ·View each subkey in turn and verify that the RunAs value has not been added. ·If any subkey has a RunAs value, then this would be a finding. Note: Windows components that have default Runas values such as Interactive User do not need to be changed. Windows components that have had a Runas value added or changed and non-Windows COM objects added to the system with Runas values need to be reviewed. |
Fix Text (F-6517r1_fix) |
---|
Remove any RunAs values from DCOM objects in the Registry. |