CCE-47640-8Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2022-09-02 (M)2023-07-04 |
This policy setting controls whether Windows Store apps with Windows Runtime API access directly from web content can be launched.
If you enable this policy setting, Windows Store apps with Windows Runtime API access directly from web content cannot be launched; Windows Store apps without Windows Runtime API access from web content are not affected.
If you disable or do not configure this policy setting, all Windows Store apps can be launched.
Countermeasure:
Enable and configure this setting.
Potential Impact:
Windows Store apps with Windows Runtime API access directly from web content cannot be launched.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApp runtimeBlock launching Windows Store apps with Windows Runtime API access from hosted content.
(2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem!BlockHostedAppAccessWinRT
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\App runtime\Block launching Windows Store apps with Windows Runtime API access from hosted content.
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!BlockHostedAppAccessWinRT
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.5 | Attack Vector: NETWORK |
Exploit Score: 1.6 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: REQUIRED |
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:83595 |