Insecure Windows Service Permissions

Question

I have a Latitude 3570 that has been audited for Cyber Essentials compliance. The laptop has failed with the high risk vulnerability, 'At least one improperly configured Windows service may have a privilege escalation vulnerability.' The service is DellRctlService and Authenticate Users have inherited file write permission to c:\dell\sytem64folder\dellrctlservice.exe. The solution to this vulnerability is:Ensure the groups [Everyone, Users, Domain Users, Authenticated Users] do not have permissions to modify orwrite service executables. Additionally, ensure these groups do nothave Full Control permission to any directories that contain serviceexecutables. Ref: www.nessus.org/u Will changing the Authenticated Users permission to explicit read only be detrimental to the service?

DELL-Jesse L · Answer

Don or Ron, I do not see where changing the permissions would have any issues. If it does, you can revert back to the previous setting.

Jamesy281 · Answer

Hi Jesse,

I realise this is an old post, but I to have the same vulnerability reported in Nessus. Can you please confirm for me exactly what this service is/ does? I have read conflicting articles about it's function. I would like to remove it altogether but I want to make sure it will not cause interruption to service for the users.

Cheers,

Jamesy

Windows General

Was this post helpful?