
CAPEC-478: Modification of Windows Service Configuration

Abstraction: Detailed
Status: Usable
Likelihood: Low
Severity: High

Description

An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service. Metadata: detailed CAPEC pattern, status usable, likelihood low, severity high. Underlying weakness: CWE-284. Mapped ATT&CK techniques: T1574.011, T1543.003. Related CAPEC pattern: CAPEC-203.

Related weaknesses · 1

CWE-284

MITRE ATT&CK crosswalk · 2

T1574.011: Hijack Execution Flow: Service Registry Permissions Weakness
T1543.003: Create or Modify System Process: Windows Service

Related attack patterns · 1

CAPEC-203 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Access Control (cwe-284) | 100% | live |

Related to · 2

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| SubTechnique | Services Registry Permissions Weakness (t1574.011) | 100% | live |
| SubTechnique | Windows Service (t1543.003) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Modify Existing Service
CAPEC: Replace Trusted Executable
CAPEC: Web Services Protocol Manipulation
CAPEC: Install New Service
Sub-technique: Services File Permissions Weakness
CAPEC: Malicious Logic Insertion into Product Software via Configuration Management Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.