UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A Windows system has a writable DCOM configuration.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6826 5.108 SV-29541r1_rule ECSC-1 Medium
Description
A registry key for a valid DCOM object has access permissions that allow non-administrator users to change the security settings. If DCOM security settings are inadvertently set to a low level of security, it may be possible for an attacker to execute code, possibly under the user context of the console user.In addition, an attacker could change the security on the object to allow for a future attack, such as setting the object to run as Interactive User. The Interactive User runs the application using the security context of the user currently logged on to the computer. If this option is selected and the user is not logged on, then the application will not start.
STIG Date
Windows XP Security Technical Implementation Guide 2012-08-22

Details

Check Text ( C-3103r1_chk )
·Using the Registry Editor, go to the following Registry key:

HKLM\Software\Classes\Appid(inherited by all subkeys)

Administrators Full
SYSTEM Full
Users Read

·If any account other than Administrators and System has greater than “read” access, then this would be a finding.

·Select each subkey and verify that it is inheriting the same permissions.
·If any subkey has permissions that are less strict than those above, then this would be a finding.
Fix Text (F-6513r1_fix)
Fortify DCOMs AppId permissions. Any changes should be thoroughly tested so objects continue to function under tightened security.
- Open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\Software\Classes\Appid.
- Select the application that generated this vulnerability.
- Set the permissions for standard (non-privileged) user accounts or groups to Read only.