CCE-35488-6Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-14 |
Accounts: Rename guest account
The built-in local guest account is another well-known name to attackers. Microsoft recommends to rename this account to something that does not indicate its purpose. Even if you disable this account, which is recommended, ensure that you rename it for added security.
Note This policy setting is not configured in the Security Templates, nor is a new user name for the account suggested here. Suggested user names are omitted to ensure that organizations that implement this guidance will not use the same new user name in their environments.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!Accounts: Rename guest account
(2) WMI: ###
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.6 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:22359 |