[metadata]
id = "WIN05-C"
type = "rule"
category = "WIN"
number = 5
title = "Do not violate least privilege when creating processes or accessing registry"
description = """
Programs should follow the principle of least privilege. On Windows, this means:
(1) Executable paths in CreateProcess must be quoted when they contain spaces,
to prevent path interception attacks where an attacker places a malicious
executable at an ambiguous path (e.g., C:\\Program.exe).
(2) Registry operations should use HKEY_CURRENT_USER instead of
HKEY_LOCAL_MACHINE when possible, as HKEY_LOCAL_MACHINE requires
administrator privileges and violates least privilege.
"""
severity = "High"
likelihood = "Probable"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
last_modified = "Apr 01, 2026"
[rules.cert_c.WIN05-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/WIN00-C.+Be+specific+when+dynamically+loading+libraries"
cwe = ["CWE-272", "CWE-428"]