| VID |
27064 |
| Severity |
10 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
If you don't limit privilege in web process, some visitors may get system privilege by using vulnerabilitiy of web service, And then they can get manager privilege, access to server and hack into some information for modifying or damaging.
* Platforms Affected:
Microsoft IIS Server |
| Recommendation |
1. Start> Control Panel> Administrative Tools> Computer Management> Local Users and Groups> Select Users
2. Add a "Nobody" Account (If there are any users in group of nobody account and then remove it)
3. Start> Control Panel> Administrative Tools> Local Security Policy> Local Policies> User Rights Assignment> Add a "Nobody" user in ¡°Log on as a Service"
4. Start> Run> SERVICES.MSC> IISADMIN> Properties> Logon > Input a "Nobody" account and password
5. Start> All Programs> Windows Explorer> Select folder installed IIS > Properties > Security> Add a "Nobody" user and check whole rights |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
