Vulnerability V-259367

Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto\Keys Note: If the folder above does not exist, this is not applicable. Verify the permissions on the folder, subfolders, and files are limited to SYSTEM and Administrators FULL CONTROL. In File Explorer: For each folder, subfolder, and file, view the Properties. Select the "Security" tab, and then click "Advanced". Default permissions: C:\ProgramData\Microsoft\Crypto\Keys Type - "Allow" for all Inherited from - "None" for all Principal - Access - Applies to SYSTEM - Full control - This folder, subfolders and files Administrators - Full control - This folder, subfolders and files Everyone - Read - This folder, subfolders, and files Alternately, use icacls: Open a command prompt and enter "icacls" followed by the directory. For each folder, subfolder, and file, view the Properties. "icacls %ALLUSERSPROFILE%\Microsoft\Crypto\Keys" C:\ProgramData\microsoft\crypto\keys NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) Everyone:(OI)(CI)(R) Successfully processed 1 files; Failed processing 0 files If any other user or group has greater than READ privileges to the %ALLUSERSPROFILE%\Microsoft\Crypto\Keys folder, subfolders, and files, this is a finding.

Navigate to the following location: %ALLUSERSPROFILE%\Microsoft\Crypto\Keys Modify permissions on the keys folder, subfolders, and files to be limited to SYSTEM and Administrators FULL CONTROL, and to limit all other users/groups to READ. If additional permissions are needed, it must be documented and approved by the information system security officer (ISSO) or information system security manager (ISSM).