CCE-47123-5
Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04
Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
Vulnerability:
Any service or application is a potential point of attack. Therefore, you should disable or remove any unneeded services or executable files in your environment. There are additional optional services available in Windows that are not installed during a default installation of the operating system. Depending on the version of Windows, you can add these optional services to an existing computer through Add/Remove Programs in Control Panel, Programs and Features in Control Panel, Server Manager, or the Configure Your Server Wizard. Important: If you enable additional services, they may depend on other services. Add all of the services that are needed for a specific server role to the policy for the server role that it performs in your organization.
Counter Measure:
Disable all unnecessary services by configuring the startup type to Disabled.
Potential Impact:
If some services (such as the Security Accounts Manager) are disabled, you will not be able to restart the computer. If other critical services are disabled, the computer may not be able to authenticate with domain controllers. If you wish to disable some system services, you should test the changed settings on non-production computers before you change them in a production environment. It is also possible to alter the access control list (ACL) for a service; however, do so with caution because unexpected results may arise. For example, changing the default permissions may cause enterprise management software to lose the ability to query the state of that service.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Application Identity
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc!Start
Parameter:
[manual/disable/automatic]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Application Identity
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc!Start
CCSS Severity:
CCSS Score: 7.0
Exploit Score: 1.0
Impact Score: 5.9
Severity: HIGH
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40239