
A Windows system has a writable DCOM configuration.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-6826 | 5.108 | SV-29543r1_rule | | Medium
Description
A registry key for a valid DCOM object has access permissions that, if inadvertently set to a low level of security, could allow non-administrator users to change the object's security settings. An attacker could possibly execute code under the context of the console or some other user.
STIG | Date
Windows Vista Security Technical Implementation Guide | 2017-01-30

Details

Check Text ( C-39216r1_chk )
Verify the permissions of the following registry key and its subkeys:

HKLM\Software\Classes\Appid

If any standard (non-privileged) user accounts or groups have greater than “read” access, then this would be a finding.

The default permissions are acceptable. At the Appid level they are as follows and will be inherited by many of the subkeys.

Creator Owner - Special (Full)
Administrators - Full
SYSTEM - Full
Users - Read

Vista subkeys that have Trusted Installer with “Full” permissions are acceptable. These will typically have lesser permissions of "Read" for Administrators and System.
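
One way to script this check, as an added example that is not part of the STIG: a PowerShell audit that lists every Allow entry on the AppID key and its subkeys granting more than Read to a principal other than Administrators, SYSTEM, Creator Owner or TrustedInstaller. The SID allow-list and the set of rights treated as exceeding Read are assumptions of this example.

```powershell
# Added example: audit AppID registry ACLs for the condition in the check text.
# Run from an elevated PowerShell session so every subkey ACL can be read.
$root = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\AppID'

# Principals the check text accepts with more than Read, matched by well-known SID
# (assumption: SIDs are used so the comparison also works on localized systems).
$privileged = @(
    'S-1-5-32-544'   # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
    'S-1-3-0'        # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that exceed Read: write, delete and ACL rights, plus GENERIC_WRITE and GENERIC_ALL.
$specific   = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
$beyondRead = [int]$specific -bor 0x40000000 -bor 0x10000000

$sidType = [System.Security.Principal.SecurityIdentifier]
$keys = @(Get-Item -LiteralPath $root) +
        @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($key in $keys) {
    try { $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($key.Name)"; continue }

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($privileged -contains $sid) { continue }
        if (([int]$rule.RegistryRights -band $beyondRead) -eq 0) { continue }

        # Resolve the SID to a name for the report; keep the SID if it does not resolve.
        try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Key       = $key.Name
            Account   = $name
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No non-privileged account has more than Read access under AppID.' }
```

Each row still needs review: an administrative account or group that is not on the SID list will be reported and has to be judged against the "standard (non-privileged)" wording of the check.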
Fix Text (F-6513r1_fix)
Fortify DCOM's AppId permissions. Any changes should be thoroughly tested so objects continue to function under tightened security.
- Open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\Software\Classes\Appid.
- Select the application that generated this vulnerability.
- Set the permissions for standard (non-privileged) user accounts or groups to Read only.