CCE-47591-3Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2022-09-02 (M)2023-07-14 |
This security setting determines which registry paths and subpaths can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key.
Default:
SystemCurrentControlSetControlPrintPrinters
SystemCurrentControlSetServicesEventlog
SoftwareMicrosoftOLAP Server
SoftwareMicrosoftWindows NTCurrentVersionPrint
SoftwareMicrosoftWindows NTCurrentVersionWindows
SystemCurrentControlSetControlContentIndex
SystemCurrentControlSetControlTerminal Server
SystemCurrentControlSetControlTerminal ServerUserConfig
SystemCurrentControlSetControlTerminal ServerDefaultUserConfiguration
SoftwareMicrosoftWindows NTCurrentVersionPerflib
SystemCurrentControlSetServicesSysmonLog
SystemCurrentControlSetServicesCertSvc
SystemCurrentControlSetServicesWins
Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Note: On Windows XP, this security setting was called "Network access: Remotely accessible registry paths." If you configure this setting on a member of the Windows Server 2003 family that is joined to a domain, this setting is inherited by computers running Windows XP, but will appear as the "Network access: Remotely accessible registry paths" security option. For more information, see Network access: Remotely accessible registry paths and subpaths.
Countermeasure:
Configure the Network access: Remotely accessible registry paths and sub-paths setting to a null value (enable the setting but do not enter any paths in the text box).
Potential Impact:
Remote management tools such as the Microsoft Baseline Security Analyzer and Microsoft Systems Management Server require remote access to the registry to properly monitor and manage those computers. If you remove the default registry paths from the list of accessible ones, such remote management tools could fail.
Note: If you want to allow remote access, you must also enable the Remote Registry service."
Fix:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsNetwork access: Remotely accessible registry paths and sub-paths
(2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetControlSecurePipeServersWinregAllowedPaths!Machine
Parameter:
[paths]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and sub-paths
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths!Machine
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.9 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 3.6 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:83552 |