-
Titel
The vulnerability scan is showing permissions issues in "changeauditor.service.exe" -
Beschreibung
The vulnerability scan tool is showing a finding similar to the following:
===
At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.Path : c:\program files\quest\changeauditor\service\changeauditor.service.exe
Used by services : ChangeAuditor.Coordinator
File write allowed for groups : Authenticated Users (S-1-5-11) -
Ursache
Windows permissions inheritance
-
Lösung
This Change Auditor executable inherits permissions from the Program Files folder, so this is a Windows issue. To remediate it you have to disable the inheritance on the Change Auditor folder and then remove the local server\users group from Computer Management. Then, run a new scan to confirm that you no longer see this vulnerability result.