CCE-47810-7
Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2022-09-02 (M)2023-07-04
This policy setting sets the Attack Surface Reduction rules.
Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
Fix:
(1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules: Set the state for each ASR rule
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:26190899-1602-49e8-8b27-eb1d0a1ce869
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:3b576869-a4ec-4529-8536-b80a7769e899
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:5beb7efe-fd9a-4556-801d-275e5ffc04cc
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:d3e037e1-3eb8-44c8-a917-57927947596d
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:d4f940ab-401b-4efc-aadc-ad5f3c50688a
Parameter:
[Disable/Block/Audit/Warn]
Technical Mechanism:
(1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules: Set the state for each ASR rule
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:26190899-1602-49e8-8b27-eb1d0a1ce869
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:3b576869-a4ec-4529-8536-b80a7769e899
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:5beb7efe-fd9a-4556-801d-275e5ffc04cc
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:d3e037e1-3eb8-44c8-a917-57927947596d
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules:d4f940ab-401b-4efc-aadc-ad5f3c50688a
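An audit sketch for the registry values listed above, added here as an example and not part of the original entry. It reads each rule GUID under the policy key and reports its state. The numeric mapping (0, 1, 2, 6) comes from Microsoft's ASR documentation, not this page, and the function name `Get-AsrPolicyState` and the default expected state of `Block` are assumptions, since the entry leaves the choice of state open.

```powershell
# Added example: report the policy state of every ASR rule named in this entry.
$RulesKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'

# Rule GUIDs exactly as listed in this entry.
$RuleIds = @(
    '26190899-1602-49e8-8b27-eb1d0a1ce869'
    '3b576869-a4ec-4529-8536-b80a7769e899'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc'
    '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'
    'd3e037e1-3eb8-44c8-a917-57927947596d'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
)

# State values per Microsoft's ASR documentation (assumption: not stated on this page).
$StateNames = @{ '0' = 'Disable'; '1' = 'Block'; '2' = 'Audit'; '6' = 'Warn' }

function Get-AsrPolicyState {
    param(
        [string]$Path = $RulesKey,
        [string[]]$Ids = $RuleIds,
        [string]$ExpectedState = 'Block'   # assumption: set to your baseline's required state
    )
    # A missing key means no rule is set by policy; report that instead of failing.
    $values = if (Test-Path -LiteralPath $Path) { Get-ItemProperty -LiteralPath $Path } else { $null }
    foreach ($id in $Ids) {
        $raw = if ($values) { $values.$id } else { $null }
        # Cast to string so a REG_SZ "1" and a REG_DWORD 1 map to the same state.
        if ($null -eq $raw) {
            $state = 'NotConfigured'
        } elseif ($StateNames.ContainsKey("$raw")) {
            $state = $StateNames["$raw"]
        } else {
            $state = "Unknown($raw)"
        }
        [pscustomobject]@{
            RuleId   = $id
            RawValue = $raw
            State    = $state
            Matches  = ($state -eq $ExpectedState)
        }
    }
}

Get-AsrPolicyState | Format-Table -AutoSize
```

This reads only the Group Policy location named in the entry; rules set through another management channel will show as `NotConfigured` here.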
CCSS Severity:
| Metric | Value |
|---|---|
| CCSS Score | 9.8 |
| Exploit Score | 3.9 |
| Impact Score | 5.9 |
| Severity | CRITICAL |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CCSS Metrics:
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
References:
| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:83743 |