All,
For an Agilent GCMS with ChemStation. I received a vulnerability (Tenable) report with the following vulnerability. Can I remove "modify" or "write" privileges for these two groups (Users and Authenticated Users)?
An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next
time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.
This plugin checks if any of the following groups have permissions to modify executable files that are started by
Windows services :
- Users
- Authenticated Users
Path : c:\chem32\core\dataserver.exe
Used by services : Agilent Chemstation Data Service
File write allowed for groups : Users (S-1-5-32-545), Authenticated Users (S-1-5-11)
