CAPEC-478
Modification of Windows Service Configuration
Description
An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.
Prerequisites
The adversary must have the capability to write to the Windows Registry on the targeted system.
Mitigations
Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation.