Check: WINRG-000001
Windows Vista STIG:
WINRG-000001
(in versions v6 r42 through v6 r41)
Title
Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key. (Cat I impact)
Discussion
Permissions on the Active Setup\Installed Components registry key must only allow privileged accounts to add or change registry values. If standard user accounts have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.
Check Content
Run "Regedit". Navigate to the following registry keys and review the permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems) If the default permissions listed below have been changed, this is a finding. Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Special (Special = Full Control - Subkeys only)
Fix Text
Maintain the default permissions of the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems only) Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Special (Special = Full Control - Subkeys only)
Additional Identifiers
Rule ID: SV-42616r2_rule
Vulnerability ID: V-32282
Group Title: WINRG-000001 Active Setup\Installed Components Registry Permissions
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002235 |
The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |
Controls
| Number | Title |
|---|---|
| AC-6 (10) |
Prohibit Non-Privileged Users From Executing Privileged Functions |