Family: Windows --> Category: infos
SMB Registry : permissions of Schedule Vulnerability Scan
Vulnerability Scan Summary
Acertains the access rights of a remote key
Detailed Explanation for this Vulnerability Test
Local users can elevate their rights.
The registry key SYSTEM\CurrentControlSet\Services\Schedule is
writeable by users who are not in the admin group.
Since the scheduler runs with SYSTEM rights, this allow a
malicious user to gain these rights on this system.
Use regedt32 and set the permissions of this key to :
- admin group : Full Control
- system : Full Control
- everyone : Read
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.