UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A Windows system has a writable DCOM configuration.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6826 5.108 SV-29543r1_rule Medium
Description
A registry key for a valid DCOM object has access permissions that could allow non-administrator users to change the security settings if inadvertently set to a low level of security. An attacker could possibly execute code under the context of the console or some other user.
STIG Date
Windows Vista Security Technical Implementation Guide 2016-06-03

Details

Check Text ( C-39216r1_chk )
Verify the permissions of the following registry key and its subkeys:

HKLM\Software\Classes\Appid

If any standard (non-privileged) user accounts or groups have greater than “read” access, then this would be a finding.

The default permissions are acceptable. At the Appid level they are as follows and will be inherited by many of the subkeys.

Creator Owner - Special (Full)
Administrators - Full
SYSTEM - Full
Users - Read

Vista subkeys that have Trusted Installer with “Full” permissions are acceptable. These will typically have lesser permissions of "Read" for Administrators and System.
Fix Text (F-6513r1_fix)
Fortify DCOMs AppId permissions. Any changes should be thoroughly tested so objects continue to function under tightened security.
- Open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\Software\Classes\Appid.
- Select the application that generated this vulnerability.
- Set the permissions for standard (non-privileged) user accounts or groups to Read only.