Detailed attack pattern
Draft
CAPEC-550: Install New Service
When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.
Last updated
Not rated
Typical severity
Per MITRE
Not rated
Likelihood of attack
Per MITRE
1
Related weaknesses
CWEs this targets
Detailed
Abstraction
MITRE classification
Overview
CAPEC-550 (Install New Service) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How to mitigate it
Defenses that reduce the risk of CAPEC-550.
- Limit privileges of user accounts so new service creation can only be performed by authorized administrators.
Terminology & mappings
Mapped taxonomies
- ATTACK: Create or Modify System Process (1543)
Frequently asked questions
Common questions about CAPEC-550.