...
Possible values for the integrity level SID strings are listed in the following table:
Integrity level SID | Name |
---|---|
S-1-16-4096 | Mandatory Label\Low Mandatory Level |
S-1-16-8192 | Mandatory Label\Medium Mandatory Level |
S-1-16-12288 | Mandatory Label\High Mandatory Level |
S-1-16-16384 | Mandatory Label\System Mandatory Level |
Risk Assessment
Failure to follow the principle of least privilege may allow exploits to execute with elevated privileges.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
WIN02-C | High | Likely | High | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| BADFUNC.CREATEPROCESS | Use of CreateProcess | ||||||
PC-lint Plus |
| 586 | Fully supported |
Related Guidelines
ISO/IEC TR 24772 | Adherence to Least Privilege [XYN] |
MITRE CWE | CWE-250, Execution with unnecessary privileges CWE-272, Least privilege violation |
Bibliography
...
...