You are a member of your organization's security team. A new ticket just came into your service desk and was escalated to you. One of the system administrators noticed the following entry in a Windows Server 2008 R2 file server Security event log:
Log Name: Security -
Source: Microsoft-Windows-Security-Auditing
Date: 2/1/2012 2:24:07 AM -
Event ID: 4674 -
Task Category: Sensitive Privilege Use
Level: Information -
Keywords: Audit Failure -
User: N/A -
Computer: somehost.somecompany.com
Description: An operation was attempted on a privileged object.
Subject:
Security ID: LOCAL SERVICE -
Account Name: LOCAL SERVICE -
Account Domain: NT AUTHORITY -
Logon ID: 0x3e5 -
Object:
Object Server: LSA -
Object Type: -
Object Name: -
Object Handle: 0x0 -
Process Information:
Process ID: 0x1d8 -
Process Name: C:\Windows\System32\Isass.exe
Requested Operation:
Desired Access: 16777216 -
Privileges: SeSecurityPrivilege -
What is your next step?