Name Modification of Windows Service Configuration
Summary An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. Specifically, if the permissions for users and groups are not properly assigned and allow access to the registry keys used to store the configuration information for a service, then an adversary could change settings defining the path to the executable and cause a malicious binary to be executed.
Prerequisites The adversary must have the capability to write to the Windows Registry on the targeted system.
Solutions Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation.
Related Weaknesses
CWE ID Description
CWE-284 Improper Access Control
Back to Top