CAPEC-478: Modification of Windows Service Configuration

An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-478 (Modification of Windows Service Configuration) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-478: Modification of Windows Service Configuration

Overview

How the attack works

What the attacker needs

Prerequisites

Resources required

Consequences

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-478?

How does a Modification of Windows Service Configuration attack work?

How do you prevent CAPEC-478?

What weaknesses does CAPEC-478 target?

How severe is CAPEC-478?

References

Defend against CAPEC-478

Overview

How the attack works

What the attacker needs

Prerequisites

Resources required

Consequences

How to mitigate it

Related weaknesses

Related attack patterns

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-478?

How does a Modification of Windows Service Configuration attack work?

How do you prevent CAPEC-478?

What weaknesses does CAPEC-478 target?

How severe is CAPEC-478?

References

Defend against CAPEC-478