PRP: Detector for Vulnerable Weak Windows Service Configurations for Privilege Escalation

[frkngksl]

• Identifier of the vulnerability: Windows Service Privilege Escalation
• Affected software: All Microsoft Windows Versions
• Popularity of affected software {e.g. Sofware X has Y million lifetime downloads / is used by Z% of Fortune 500 companies for network management}
• Type of vulnerability: Privilege Escalation
• Resources:
  • https://medium.com/r3d-buck3t/privilege-escalation-with-insecure-windows-service-permissions-5d97312db107

After seeing PAM Misconfiguration vulnerability detector, maybe we can create a Windows Service misconfiguration detector for potential privilege escalation vulnerabilities. Namely weak ACL on service binaries, weak service configuration ACLs, Unquoted service path.

[github-actions]

Welcome to the OSV-SCALIBR patch reward program!
Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us, sometimes longer
depending on available capacity.
Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.
~The OSV-SCALIBR PRP team