Title

Anonymous access to the registry must be restricted. (Cat I impact)

Discussion

The registry is integral to the function, security, and stability of the Windows system. Some processes may require anonymous access to the registry. This must be limited to properly protect the system.

Check Content

Run "Regedit". Navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\ If the key does not exist, this is a finding. Right-click on "winreg" and select "Permissions…". Select "Advanced". If the permissions are not as restrictive as the defaults listed below, this is a finding. The following are the same for each permission listed: Type - Allow Inherited from - None Columns: Principal - Access - Applies to Administrators - Full Control - This key and subkeys Backup Operators - Read - This key only LOCAL SERVICE - Read - This key and subkeys

Fix Text

Maintain permissions at least as restrictive as the defaults listed below for the "winreg" registry key. It is recommended to not change the permissions from the defaults. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\ The following are the same for each permission listed: Type - Allow Inherited from - None Columns: Principal - Access - Applies to Administrators - Full Control - This key and subkeys Backup Operators - Read - This key only LOCAL SERVICE - Read - This key and subkeys

Additional Identifiers

Rule ID: SV-48047r3_rule

Vulnerability ID: V-1152

Group Title: Anonymous Access to the Registry

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.