[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-2864-7

Platform: cpe:/o:microsoft:windows_xpDate: (C)2012-03-13   (M)2023-07-04



This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components. Developers who are debugging their own applications do not need to be assigned this user right; however, developers who are debugging new system components will need it. Note: Microsoft released several security updates in October 2003 that used a version of Update.exe that required the administrator to have the Debug programs user right. Administrators who did not have this user right were unable to install these security updates until they reconfigured their user rights. This is not typical behavior for operating system updates. For more information, see Knowledge Base article 830846: 'Windows Product Updates may stop responding or may use most or all the CPU resources.' Countermeasure: Remove the accounts of all users and groups that do not require the Debug programs user right. Potential Impact: If you revoke this user right, no one will be able to debug programs. However, typical circumstances rarely require this capability on production computers. If a problem arises that requires an application to be debugged on a production server, you can move the server to a different OU temporarily and assign the Debug programs user right to a separate Group Policy for that OU.


Parameter:

[list_of_users_followed_by_comma]


Technical Mechanism:

(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Debug programs (2) REG: ### (3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeDebugPrivilege' and precedence=1

CCSS Severity:CCSS Metrics:
CCSS Score : 7.0Attack Vector: LOCAL
Exploit Score: 1.1Attack Complexity: HIGH
Impact Score: 5.3Privileges Required: LOW
Severity: HIGHUser Interaction: NONE
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:LScope: CHANGED
 Confidentiality: HIGH
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:gov.nist.usgcb.xp:def:174
BITS Shared Assessments SIG v6.0BITS Shared Assessments SIG v6.0
Jericho ForumJericho Forum
HIPAA/HITECH ActHIPAA/HITECH Act
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005ISO/IEC 27001-2005
COBIT 4.1COBIT 4.1
GAPP (Aug 2009)GAPP (Aug 2009)
NERC CIPNERC CIP
NIST SP800-53 R3NIST SP800-53 R3 AC-3
NIST SP800-53 R3NIST SP800-53 R3 CM-6
PCIDSS v2.0PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0BITS Shared Assessments AUP v5.0


OVAL    1
oval:gov.nist.usgcb.xp:def:174
XCCDF    4
xccdf_gov.nist_benchmark_USGCB-Windows-XP
xccdf_org.secpod_benchmark_hipaa_windows_xp
xccdf_org.secpod_benchmark_nist_windows_xp
xccdf_org.secpod_benchmark_nerc_cip_Windows_XP
...

© SecPod Technologies