Insecure Windows Service Permissions
Written by Saagar Shah
Updated over a week ago

The Insecure Windows Service Permissions vulnerability, when detected by a vulnerability scanner, is reported with a CVSS score of 8.4.

CVSS:

CVSS is an industry-standard scoring system for vulnerabilities; it rates each finding with a number ranging from 0 to 10. They are shown as:

Insecure Windows Service Permissions Vulnerability Information

Plugin 65057 identifies service executables with insecure permissions as well as folders with insecure permissions.

This means that any time Nessus observes an executable in a folder with Full Control permissions, the plugin will flag it in its output. In the following example scan, both an executable and a folder were identified as having insecure permissions:

Path : c:\program files\google\chrome\application\79.0.3945.130\elevation_service.exe

Used by services : GoogleChromeElevationService

File write allowed for groups : Users

Full control of directory allowed for groups : Users

Remediation

An administrator can verify both of these findings by checking the properties of both objects in Windows:
To examine the properties of a Windows executable, navigate to the path that Nessus provided, right-click the object, and select Properties:



To examine the properties of a flagged folder, navigate to the directory that contains the folder, right-click the folder, and select Properties:

Please ensure that the groups listed in the plugin output do not have permission to modify or write service executables. Additionally, ensure these groups do not have Full Control permission to any directories that contain service executables.

Once the insecure permissions have been addressed, rescan the target and the plugin should no longer fire. Before treating a result from this plugin as a false positive, the administrator should confirm that the permissions on the directory that houses the executables have been checked as well as those on the executables themselves.
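
The same verification can be done from PowerShell instead of the Properties dialog, for every service at once. The following is an added example, not part of the original article or of Nessus; the set of low-privilege groups it checks is an assumption, since the sample output above names only Users.

```powershell
# Added example: list service executables, and their parent folders, whose
# ACLs let low-privilege groups modify them. Run from an elevated prompt.
# Assumption: the groups checked are the well-known SIDs below; the article
# does not say which groups the plugin tests.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
}
# Bits that allow replacing or altering the object: WriteData/CreateFiles,
# AppendData, Delete, ChangePermissions, TakeOwnership, plus GENERIC_WRITE
# and GENERIC_ALL, which Get-Acl can return unmapped on folders.
$riskyBits = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000
$sidType   = [System.Security.Principal.SecurityIdentifier]

function Get-RiskyAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        # Inherit-only ACEs (flag value 2) apply to children, not to this object
        $inheritOnly = ([int]$ace.PropagationFlags -band 2) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPriv.ContainsKey($sid) -and -not $inheritOnly -and
            (([int]$ace.FileSystemRights -band $riskyBits) -ne 0)) {
            [pscustomobject]@{ Group = $lowPriv[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance Win32_Service | Where-Object PathName | ForEach-Object {
    $svc = $_
    # PathName may be quoted and may carry arguments; keep only the executable
    $cmd = [Environment]::ExpandEnvironmentVariables($svc.PathName)
    if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
            foreach ($hit in (Get-RiskyAce -Path $target)) {
                [pscustomobject]@{ Service = $svc.Name; Path = $target
                                   Group = $hit.Group; Rights = $hit.Rights }
            }
        }
    }
} | Sort-Object Path | Format-Table -AutoSize
```

An empty result means none of the checked groups can write to any service executable or its folder; each row otherwise corresponds to a path to review before rescanning.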
