I have a Latitude 3570 that has been audited for Cyber Essentials compliance. The laptop has failed with the high risk vulnerability, "At least one improperly configured Windows service may have a privilege escalation vulnerability."
The service is DellRctlService and Authenticate Users have inherited file write permission to c:\dell\sytem64folder\dellrctlservice.exe.
The solution to this vulnerability is:Ensure the groups [Everyone, Users, Domain Users, Authenticated Users] do not have permissions to modify or
write service executables. Additionally, ensure these groups do not
have Full Control permission to any directories that contain service
Will changing the Authenticated Users permission to explicit read only be detrimental to the service?