An error occurred:

Check: 3.064

Windows XP STIG: 3.064 (in versions v6 r1.32 through v1 r0)

Title

Unauthorized registry paths are remotely accessible. (Cat I impact)

Discussion

This is a Category 1 finding because it could give unauthorized individuals access to the Registry. It controls which registry paths are accessible from a remote computer.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Local Policies -> Security Options. If the value for “Network access: Remotely accessible registry paths” contains entries besides the following, then this is a finding: System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Control\Server Applications System\CurrentControlSet\Services\Eventlog Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion System\CurrentControlSet\Control\ContentIndex System\CurrentControlSet\Control\Terminal Server System\CurrentControlSet\Control\Terminal Server\Userconfig System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration The policy referenced configures the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\ Value Name: Machine Value Type: REG_MULTI_SZ Value: As defined in policy above Note: Legitimate applications may add entries to this registry value. If an application requires these entries to function properly and is documented with the IAO this would not be a finding. Documentation should contain supporting information from the vendor's instructions. Note: Windows XP 64-Bit is based on Windows 2003. On XP 64-bit systems apply the configuration for V0003339 and V0004443 as outlined in the Windows 2003 STIG.

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Network access: Remotely accessible registry paths” as defined in the Check section.

Additional Identifiers

Rule ID: SV-6275r1_rule

Vulnerability ID: V-3339

Group Title: Remotely Accessible Registry Paths

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check