UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCOM calls are not executed under the security context of the calling user.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6830 5.112 SV-29740r1_rule Medium
Description
DCOM calls are executed under the security context of the calling user by default. If the RunAs key has been altered, the DCOM calls can be executed under the user context of the currently logged in user, or as a third user. If present, the RunAs value tells the COM Service Control Manager (SCM) the name of the account under which the server is to be activated. In addition to the account name, the COM SCM must also have the password of the account. The result of a successful logon is a security context (token) for the named account that is used as the primary token for the new COM server process. Administrators should not use this method in the evaluated configuration if accountability is required, since accountability cannot be enforced. RunAs values will be removed.
STIG Date
Windows Vista Security Technical Implementation Guide 2016-06-03

Details

Check Text ( C-3107r1_chk )
·Using the Registry Editor, go to the following Registry key:

HKLM\Software\Classes\Appid

·View each subkey in turn and verify that the RunAs value has not been added.
·If any subkey has a RunAs value, then this would be a finding.

Note: Windows components that have default Runas values such as Interactive User do not need to be changed. Windows components that have had a Runas value added or changed and non-Windows COM objects added to the system with Runas values need to be reviewed.
Fix Text (F-6517r1_fix)
Remove any RunAs values from DCOM objects in the Registry.