CCE-93022-2 | Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2020-09-22 (M)2023-07-04 |
Prevent access to 16-bit applications
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. By default, the MS-DOS subsystem runs for all users on this computer.
If the status is set to Enabled, ntvdm.exe is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.
If the status is set to Disabled, the default setting applies and the MS-DOS subsystem runs for all users on this computer.
If the status is set to Not Configured, the default applies and ntvdm.exe runs for all users. However, if an administrator sets the registry DWORD value HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault to 1, the default changes to prevent all 16-bit applications from running.
Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Application Compatibility!Prevent access to 16-bit applications
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat!VDMDisallowed
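An audit check for the two registry values named above, as an added PowerShell example that is not part of the original entry. It assumes VDMDisallowed = 1 corresponds to Enabled and 0 to Disabled, reads only the Computer Configuration (HKLM) values, and uses hypothetical function names.

```powershell
# Added example: reports the effective state of
# "Prevent access to 16-bit applications" from the HKLM values on this page.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-NtvdmPolicyState {
    $policy  = Get-RegDword 'HKLM:\Software\Policies\Microsoft\Windows\AppCompat' 'VDMDisallowed'
    $default = Get-RegDword 'HKLM:\System\CurrentControlSet\Control\WOW' 'DisallowedPolicyDefault'

    if ($null -ne $policy) {
        # Assumption: 1 = policy Enabled (ntvdm.exe blocked), 0 = policy Disabled.
        $blocked = ($policy -eq 1)
        $state   = if ($blocked) { 'Enabled' } else { 'Disabled' }
        $source  = 'VDMDisallowed'
    }
    else {
        # Not Configured: ntvdm.exe runs unless DisallowedPolicyDefault is 1.
        $blocked = ($default -eq 1)
        $state   = 'Not Configured'
        $source  = if ($blocked) { 'DisallowedPolicyDefault' } else { 'built-in default' }
    }

    [pscustomobject]@{
        PolicyState             = $state
        VDMDisallowed           = $policy
        DisallowedPolicyDefault = $default
        NtvdmBlocked            = $blocked
        DecidedBy               = $source
        Compliant               = ($state -eq 'Enabled')
    }
}

Get-NtvdmPolicyState | Format-List
```

Compliant is true only when the policy itself is Enabled; NtvdmBlocked also reports the case where the policy is Not Configured but DisallowedPolicyDefault blocks 16-bit applications.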
CCSS Severity: | CCSS Metrics: |
CCSS Score: 7.6 | Attack Vector: NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: REQUIRED |
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: LOW |
| Availability: LOW |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:56042 |