STIGQter: STIG Summary: Windows 2008 Member Server Security Technical Implementation Guide Version: 6 Release: 43 Benchmark Date: 26 Jul 2019: Anonymous access to the registry must be restricted.

DISA Rule

SV-29595r3_rule

Vulnerability Number

V-1152

Group Title

Anonymous Access to the Registry

Rule Version

3.030

Severity

CAT I

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Maintain permissions at least as restrictive as the defaults listed below for the "winreg" registry key. It is recommended to not change the permissions from the defaults.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\

The following are the same for each permission listed:
Type - Allow
Inherited from - <not inherited>

Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys

Check Contents

Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\

If the key does not exist, this is a finding.

Right-click on "winreg" and select "Permissions…".
Select "Advanced".

If the permissions are not as restrictive as the defaults listed below, this is a finding.

The following are the same for each permission listed:
Type - Allow
Inherited from - <not inherited>

Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys

Vulnerability Number

V-1152

Documentable

True

Rule Version

3.030

Severity Override Guidance

Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\

If the key does not exist, this is a finding.

Right-click on "winreg" and select "Permissions…".
Select "Advanced".

If the permissions are not as restrictive as the defaults listed below, this is a finding.

The following are the same for each permission listed:
Type - Allow
Inherited from - <not inherited>

Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1340

Comments