CAPEC-478

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Usable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: High
Modification of Windows Service Configuration

Description

An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.

Prerequisites

The adversary must have the capability to write to the Windows Registry on the targeted system.

Mitigations

Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation.