SECUI Corporation


	Korean

<< Back

VID	28312
Severity	40
Port	139,445
Protocol	TCP
Class	SMB
Detailed Description	A user with the Debug Programs privilege is detected. This right allows a user to debug low-level objects such as threads, and is normally given only to Administrators. Any user given this right could gain full access to any system-level process, including the ability to view memory space, terminate a process, and spawn additional processes and threads. Programs such as GetAdmin use this right to gain Administrator privileges. * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: http://support.microsoft.com/default.aspx?scid=kb;[LN];101366 http://hq.mcafeeasap.com/vulnerabilities/vuln_data/23000.asp http://www.statonline.com/technologies/sec_articles/rights.asp * Platforms Affected: Windows Any version
Recommendation	Check user rights for Debug programs, and remove any names disallowed by your security policy. To audit and revoke this privilege: For Windows NT: 1. Open User Manager (From the Windows NT Start menu, select Programs, Administrative Tools (Common), and User Manager). 2. From the Policies menu, select User Rights to display the User Rights Policy dialog box. 3. Select the Show Advanced User Rights check box. 4. From the Right list, select Debug programs. 5. Verify this right is set in accordance with your administration policy. 6. To remove a user, select the user and click Remove. For a Windows 2000 domain: 1. Start Microsoft Management Console (mmc). From the Windows Start menu, select Run, type mmc, and click OK. 2. Add Group Policy Snap-in. 3. Browse Group Policy Objects. 4. Select the Domain Policy of interest. 5. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment and Debug programs. 6. Set the user right to desired setting according to your administration policy. For a stand-alone Windows 2000 computer: 1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is local computer by default. 2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment and Debug programs. 3. Set the user right to desired setting according to your administration policy. For Windows XP, 2003, 7, 2008, 8, 2012, 10, 2016, 2019 computer: 1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is local computer by default. 2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment and Debug programs. 3. Set the user right to desired setting according to your administration policy.
Related URL	CVE-1999-0534 (CVE)
Related URL	(SecurityFocus)
Related URL	252 (ISS)