CCE-42491-1
Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04
Specify the 'Configure log access (legacy) - Event Log Service\Security' (SDDL String) value
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.
If you enable this policy setting, only those users whose security descriptor matches the configured value can access the log.
If you disable this policy setting, only system software and administrators can read or clear this log.
If you do not configure this policy setting, the previous policy setting configuration remains in effect.
Counter Measure:
Enable and configure this setting depending on your organization's requirements.
Potential Impact:
Some system software and administrators may not have access to the log.
Parameter:
[log access]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Configure log access (legacy) - Event Log Service\Security
CCSS Severity:

| Field | Value |
|---|---|
| CCSS Score | 7.5 |
| Exploit Score | 1.6 |
| Impact Score | 5.9 |
| Severity | HIGH |
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

CCSS Metrics:

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35109 |