MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) Countermeasure: Configure the MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) entry to a value of Enabled. The possible values for this registry entry are: - 1 or 0. The default configuration for Windows XP is 0 and it is 1 for Windows Server 2003. In the SCE UI, these options appear as: - Enabled - Disabled - Not Defined Potential Impact: Applications will be forced to search for DLLs in the system path first. For applications that require unique versions of these DLLs that are included with the application, this entry could cause performance or stability problems. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesMSS (Legacy)MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (2) REG: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager!SafeDllSearchMode

[enabled/disabled]

(1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager!SafeDllSearchMode