CCE-99857-5| Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2023-07-04 (M)2023-07-04 |
This policy setting controls whether or not users can override the SHA256 security validation in the Windows Package Manager settings. Users should not have the ability to override SHA256 security validation.
The recommended state for this setting is: Disabled .
Fix:
(1) GPO: Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsDesktop App InstallerEnable App Installer Hash Override
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsAppInstaller:EnableHashOverride
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop App Installer\Enable App Installer Hash Override
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppInstaller:EnableHashOverride
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.8 | Attack Vector: LOCAL |
| Exploit Score: 2.0 | Attack Complexity: LOW |
| Impact Score: 6.0 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:90037 |
