CAPEC Details
Name Modify Existing Service
Likelyhood of attack Typical severity
Medium Medium
Summary When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
Solutions Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently.
Related Weaknesses
CWE ID Description
CWE-284 Improper Access Control
CWE-522 Insufficiently Protected Credentials
Related CAPECS
CAPEC ID Description
CAPEC-542 An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts.
Taxonomy: ATTACK
Entry ID Entry Name
1543.002 Create or Modify System Process:Systemd Service
1543.003 Create or Modify System Process:Windows Service
1543.004 Create or Modify System Process:Launch Daemon
1569.001 System Services:Launchctl
1569.002 System Services:Service Execution