oval:org.secpod.oval:def:74775 The operating system installed on the system is Microsoft Windows Server 2022.
oval:org.secpod.oval:def:81306 By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system an ...
oval:org.secpod.oval:def:81309 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites. If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from continuing to the site. If you disab ...
oval:org.secpod.oval:def:78754 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.
oval:org.secpod.oval:def:78751 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78752 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78750 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78747 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.
oval:org.secpod.oval:def:78748 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.
oval:org.secpod.oval:def:78749 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.
oval:org.secpod.oval:def:78745 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
oval:org.secpod.oval:def:78746 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.
oval:org.secpod.oval:def:78741 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78742 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78743 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78740 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78798 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
oval:org.secpod.oval:def:78796 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
oval:org.secpod.oval:def:78797 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
oval:org.secpod.oval:def:78786 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
oval:org.secpod.oval:def:78787 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
oval:org.secpod.oval:def:78723 Windows DNS Server Remote Code Execution Vulnerability. To exploit this vulnerability, the attacker or targeted user would need specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted.
oval:org.secpod.oval:def:78774 Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
oval:org.secpod.oval:def:78770 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
oval:org.secpod.oval:def:77686 The host is missing an important security update for KB5010354
oval:org.secpod.oval:def:91066 Enables management of password for local administrator account. If you enable this setting, local administrator password is managed. If you disable or do not configure this setting, local administrator password is NOT managed. Vulnerability: Disabling or not configuring this setting can compromise security ...
oval:org.secpod.oval:def:78744 Windows DNS Server Information Disclosure Vulnerability
oval:org.secpod.oval:def:78773 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
oval:org.secpod.oval:def:78087 The host is missing an important security update for KB5011497
oval:org.secpod.oval:def:85427 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain administrator privilege ...
oval:org.secpod.oval:def:85431 Netlogon RPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain administrator privileges. An authent ...
oval:org.secpod.oval:def:81002 This policy setting allows you to control what information is shared with Bing in Search. If you enable this policy setting, you can specify one of four settings, which users won't be able to change: - User info and location: Share a user's search history, some Microsoft account info, and ...
oval:org.secpod.oval:def:90362 DHCP Server Service Information Disclosure Vulnerability. The attacker might be able to guess the DHCP server's IP addresses pool information, which would otherwise not be disclosed.
oval:org.secpod.oval:def:90378 Windows DNS Spoofing Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
oval:org.secpod.oval:def:90355 Windows SMB Witness Service Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could execute RPC procedures that are restricted to privileged accounts, bypassing the access check for the RPC procedures. To exploit this vulnerability, an attacker could ex ...
oval:org.secpod.oval:def:90877 Windows Local Security Authority (LSA) Denial of Service Vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.
oval:org.secpod.oval:def:90887 Windows Remote Desktop Security Feature Bypass Vulnerability. An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.
oval:org.secpod.oval:def:94750 This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate tempo ...
oval:org.secpod.oval:def:94749 This policy setting controls whether winlogon sends Multiple Provider Router (MPR) notifications. MPR handles communication between the Windows operating system and the installed network providers. MPR checks the registry to determine which providers are installed on the system and the order they ar ...
oval:org.secpod.oval:def:89014 Netlogon RPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain the privileges of the targeted user. ...
oval:org.secpod.oval:def:81897 Windows Network File System Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Successful exploitation of this vulnerability ...
oval:org.secpod.oval:def:81896 Windows Network File System Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Successful exploitation of this vulnerability requires an attacker to win a race condition.
oval:org.secpod.oval:def:81901 Windows Network File System Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). Successful exploitation of this vulnerability ...
oval:org.secpod.oval:def:81919 Active Directory Federation Services Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker who successfully exploited this vulnerability could gain domai ...
oval:org.secpod.oval:def:81918 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ...
oval:org.secpod.oval:def:80939 This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. ...
oval:org.secpod.oval:def:80937 Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Counter Measure: Disable this setting depending on your organization's requirements. Potential ...
oval:org.secpod.oval:def:80938 This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to s ...
oval:org.secpod.oval:def:80931 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Counter Measure: Configure this policy setting to Yes. Poten ...
oval:org.secpod.oval:def:80932 This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication. If you enable this setting, Credential Manager does not store passwords and credentials on the computer. If you disable or do not configure this policy sett ...
oval:org.secpod.oval:def:80930 This policy setting specifies whether Windows will search Windows Update for device drivers when no local drivers for a device are present. Note: See also Turn off Windows Update device driver search prompt in Administrative Templates/System, which governs whether an administrator is prompted b ...
oval:org.secpod.oval:def:80935 This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. Counter Measure: Disable this setting to prevent the client from receiving unicast responses. Potential Impact: If you enable this setting and thi ...
oval:org.secpod.oval:def:80936 This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: * Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy ...
oval:org.secpod.oval:def:80933 This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vul ...
oval:org.secpod.oval:def:80934 This policy setting allows you to configure a domain controller to request compound authentication. Note: For a domain controller to request compound authentication, the policy KDC support for claims, compound authentication, and Kerberos armoring must be configured and enabled. If you ena ...
oval:org.secpod.oval:def:80928 Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category le ...
oval:org.secpod.oval:def:80929 This policy setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards. Counter Measure: Enable this setting. Potential Impact: If this policy setting is enabled, Windows is prevented from downloading providers; only the service pr ...
oval:org.secpod.oval:def:80926 This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This prevents users from choosing not to use Work Folder ...
oval:org.secpod.oval:def:80927 Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as op ...
oval:org.secpod.oval:def:80920 This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Th ...
oval:org.secpod.oval:def:80921 This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are: 1 = Quick Scan (default) 2 = Full Scan If you enable this setting, the scan type will be set to the specified value. If you disable or do not configure this setting, the ...
oval:org.secpod.oval:def:80924 This security setting determines whether packet signing is required by the SMB server component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...
oval:org.secpod.oval:def:80925 This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off. If you enable or do not configure this setting, a process scan will be initiated when real-time protection ...
oval:org.secpod.oval:def:80922 This policy setting specifies that Automatic Updates will wait for computers to be restarted by the users who are logged on to them to complete a scheduled installation. If you enable the No auto-restart for scheduled Automatic Updates installations setting, Automatic Updates does not restart c ...
oval:org.secpod.oval:def:80923 This policy setting allows you to configure the automatic scan which starts after a definition update has occurred. If you enable or do not configure this setting, a scan will start following a definition update. If you disable this setting, a scan will not start following a definition upd ...
oval:org.secpod.oval:def:80959 This policy setting allows you to manage whether or not end users can pause a scan in progress. If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan. If you disable this setting, users will not be able to p ...
oval:org.secpod.oval:def:80953 This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not ...
oval:org.secpod.oval:def:80954 This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or ...
oval:org.secpod.oval:def:80951 This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB Service to be forcib ...
oval:org.secpod.oval:def:80952 This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monitoring will be enabled. If you disable this setting, behavior monitoring will be disabled. Counter Measure: Configure this setting depending on your organizat ...
oval:org.secpod.oval:def:80957 This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files. If you enable or do not configure this setting, archive files will be scanned. If you disable this setting, archive files will not be scanned. Count ...
oval:org.secpod.oval:def:80958 This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group ...
oval:org.secpod.oval:def:80955 This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent mu ...
oval:org.secpod.oval:def:80956 When running in restricted mode, participating apps do not expose credentials to remote computers (regardless of the delegation method). Restricted mode may limit access to resources located on other servers or networks beyond the target computer because credentials are not delegated. Participa ...
oval:org.secpod.oval:def:80950 This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Counter Measure: Disable this setting to override firewall rules created locally by administrators. Potential Impac ...
oval:org.secpod.oval:def:80948 This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps. If you enable or do not configure this poli ...
oval:org.secpod.oval:def:80949 This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. If you enable or do no ...
oval:org.secpod.oval:def:80942 Specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this setting, all communications between clients and RD Session Host servers during remote conne ...
oval:org.secpod.oval:def:80943 This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. If you disable or do not configure this policy setting, remote connections to the Plug and Play in ...
oval:org.secpod.oval:def:80940 This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started. ...
oval:org.secpod.oval:def:80941 If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with biometrics, you must also configure the Allow users to log on using bi ...
oval:org.secpod.oval:def:80946 Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store. Enabling thi ...
oval:org.secpod.oval:def:80947 This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, ...
oval:org.secpod.oval:def:80944 When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. Counter Measure: Configure the Network access: Restr ...
oval:org.secpod.oval:def:80945 This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabl ...
oval:org.secpod.oval:def:80917 This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ...
oval:org.secpod.oval:def:80918 Enable auditing of Lsass.exe to evaluate feasibility of enabling LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx Counter Measure: Enable and configure this setting. Potential Impact: Some unprotected LSA processes will be unable to functio ...
oval:org.secpod.oval:def:80915 This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system. If you enable or do not configure this policy setting, the device securely saves the user's credentials (including the user name, domain and encrypted pass ...
oval:org.secpod.oval:def:80916 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Counter Measure: Configure this policy setting to a value suitable for your organization, such as the default value of %SYSTEMROOT%\System32\LogFiles\firewall\domainfw.log. Poten ...
oval:org.secpod.oval:def:80919 Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specifie ...
oval:org.secpod.oval:def:80910 MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) Counter Measure: Configure the MSS: (TcpMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted (3 recommended, 5 is default) entry to a value of 3. ...
oval:org.secpod.oval:def:80913 This policy setting allows pinning apps to Start by default, when they are included by AppID on the list. Counter Measure: Enable and configure this setting. Potential Impact: Users will need to manually locate and pin apps to Start. Fix: (1) GPO: Computer Configuration\Administrative T ...
oval:org.secpod.oval:def:80914 This policy setting allows you to specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the f ...
oval:org.secpod.oval:def:80911 This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can ...
oval:org.secpod.oval:def:80912 This security setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy is in effect. Enabling this option when the Audit privilege use policy is also enabled generates an audit event for every file that is backed up or rest ...
oval:org.secpod.oval:def:80906 Directs Windows Installer to use system permissions when it installs any program on the system. This setting extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (in ...
oval:org.secpod.oval:def:80907 Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. If you enable this setting, users will no longer be able to modify slide show settings ...
oval:org.secpod.oval:def:80904 This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (O ...
oval:org.secpod.oval:def:80905 This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: {\\unc1 | \\unc2 }. ...
oval:org.secpod.oval:def:80908 This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions. If you enable or do not configure this setting, unique items defined in Group Policy and in ...
oval:org.secpod.oval:def:80909 This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the us ...
oval:org.secpod.oval:def:80902 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the s ...
oval:org.secpod.oval:def:80903 This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, standard users will ...
oval:org.secpod.oval:def:80900 A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices. If you enable this policy setting, only devices with a usable TPM provision Microsoft Passport for Work. If you disable this policy setting, al ...
oval:org.secpod.oval:def:80901 This entry appears as MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) in the Local Group Policy Editor. You can configure a computer so that it does not send announcements to browsers on the domain. If you do, you hide the computer from the Ne ...
oval:org.secpod.oval:def:81393 Enables the server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Internet Information Services). Note #2: An ...
oval:org.secpod.oval:def:81392 This service monitors the current location of the system and manages geofences (a geographical location with associated events). This setting affects the location feature (e.g. GPS or other location tracking). From a security perspective, it is not a good idea to reveal your location to software in ...
oval:org.secpod.oval:def:81391 Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Mapping technologies can unwillingly reveal your location to attackers and other software that picks up the information. In addition, automatic downloads of data ...
oval:org.secpod.oval:def:81390 Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. Note: In Windows 8.1 and Windows 10, this service is bundled with the SMB 1.0/CIFS File Sharing Support optional feature. As a result, removing that feature (highly recommended unless b ...
oval:org.secpod.oval:def:81389 The Bluetooth service supports discovery and association of remote Bluetooth devices. Default: Manual. Counter Measure: The recommended state for this setting is Disabled. Potential Impact: Already installed Bluetooth devices may fail to operate properly and new devices may be prevented ...
oval:org.secpod.oval:def:81388 Service supporting the audio gateway role of the Bluetooth Handsfree Profile. Note: This service was first introduced in Windows 10 Release 1803. It appears to have replaced the older Bluetooth Handsfree Service (BthHFSrv), which was removed from Windows in that release (it is not simply a rename, ...
oval:org.secpod.oval:def:81397 The LXSS Manager service supports running native ELF binaries. The service provides the infrastructure necessary for ELF binaries to run on Windows. Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Windows Subsyst ... oval:org.secpod.oval:def:81396 Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. The feature that this service enables could potentially be used for unauthorized discovery and connection to network devices. Disabling the service helps to prevent re ... oval:org.secpod.oval:def:81395 Provides network access translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Internet Connection Sharing (ICS) is a feature that allows someone to "share" their Internet connection with other machines on the network - it was designed for ... oval:org.secpod.oval:def:81394 Detects other Infrared devices that are in range and launches the file transfer application. Infrared connections can potentially be a source of data compromise - especially via the automatic "file transfer application" functionality. Enterprise-managed systems should utilize a more secure method o ... oval:org.secpod.oval:def:81399 Manages Internet SCSI (iSCSI) sessions from this computer to remote target devices. This service is critically necessary in order to directly attach to an iSCSI device. However, iSCSI itself uses a very weak authentication protocol (CHAP), which means that the passwords for iSCSI communic ... oval:org.secpod.oval:def:81398 Enables the server to be a File Transfer Protocol (FTP) server Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Internet Information Services - FTP Server). Hosting an FTP server (especially a non-secure FTP serv ... 
oval:org.secpod.oval:def:91259 Local Administrator Password Solution (LAPS) tool is free and supported software that allows an organization to automatically set randomized and unique local Administrator account passwords on domain-attached workstations and member servers. The passwords are stored in a confidential attribute of th ... oval:org.secpod.oval:def:91258 Windows includes support for Structured Exception Handling Overwrite Protection (SEHOP). We recommend enabling this feature to improve the security profile of the computer. The recommended state for this setting is: Enabled. Note: After you enable SEHOP, existing versions of Cygwin, Skype, and Armadi ... oval:org.secpod.oval:def:91255 This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook Express with information about their zone of origin (such as restricted, Internet, intranet, or local). This policy setting requires that files be downloaded to NTFS disk part ... oval:org.secpod.oval:def:91257 Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enab ... oval:org.secpod.oval:def:91256 Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enable thi ... oval:org.secpod.oval:def:81009 Disable turns off the launch of all apps from the Windows Store that came pre-installed or were downloaded. Apps will not be updated. Your Store will also be disabled. Enable turns all of it back on. Counter Measure: Configure this setting depending on your organization's requirements.
Pote ... oval:org.secpod.oval:def:81008 This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. Counter Measure: Configur ... oval:org.secpod.oval:def:81007 This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or do not configure this policy, we will always use software encoding. If you ... oval:org.secpod.oval:def:81006 This setting specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The PIN can be set to expire after any number of days between 1 and 730, or PINs can be set to never expire if the policy is set to 0. Default: 0. Counter Measure: ... oval:org.secpod.oval:def:81001 This policy setting allows you to enable real-time definition updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest definition update has definitions for a threat involving that file, the service will receive all o ... oval:org.secpod.oval:def:81000 This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity. Note: For a domain controller to request compound authentication, the policies KDC support for claims, compound authentication, and Kerberos armoring ... oval:org.secpod.oval:def:81005 This setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites. Turning this setting on stops employees from ignoring the SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not c ... 
oval:org.secpod.oval:def:81004 This policy setting allows you to manage installing Windows apps on additional volumes such as secondary partitions, USB drives, or SD cards. If you enable this setting, you can't move or install Windows apps on volumes that are not the system volume. If you disable or do not configure this ... oval:org.secpod.oval:def:81003 This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If yo ... oval:org.secpod.oval:def:81427 Provides Web connectivity and administration through the Internet Information Services Manager. Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Internet Information Services - World Wide Web Services). Note #2: ... oval:org.secpod.oval:def:81426 Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. Features ... oval:org.secpod.oval:def:81425 This service manages Apps that are pushed to the device from the Microsoft Store App running on other devices or the web. In a high security managed environment, application installations should be managed centrally by IT staff, not by end users. Default: Manual (Trigger Start). Counter Measure: ... oval:org.secpod.oval:def:81424 This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server. Windows Push Notification Services (WNS) is a mechanism to receive 3rd-party notifications and updates from the cloud/Internet. In a h ...
oval:org.secpod.oval:def:81429 Provides authentication and authorization services for interacting with Xbox Live. Xbox Live is a gaming service and has no place in an enterprise managed environment (perhaps unless it is a gaming company). Default: Manual. Counter Measure: The recommended state for this setting is Disabled. ... oval:org.secpod.oval:def:81428 This service manages connected Xbox Accessories. Xbox Live is a gaming service and has no place in an enterprise managed environment (perhaps unless it is a gaming company). Default: Manual. Counter Measure: The recommended state for this setting is Disabled. Potential Impact: Connected ... oval:org.secpod.oval:def:81423 Provides the ability to share a cellular data connection with another device. The capability to run a mobile hotspot from a domain-connected computer could easily expose the internal network to wardrivers or other hackers. Default: Manual (Trigger Start). Counter Measure: The recommended state ... oval:org.secpod.oval:def:81422 Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play. Network sharing of media from Media Player has no place in an enterprise managed environment. Default: Manual. Counter Measure: The recommended state for this setting is Disable ... oval:org.secpod.oval:def:81421 This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. In a high security environment, remote connecti ... oval:org.secpod.oval:def:81420 Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If a Windows Error occurs in a secure, enterprise managed environment, the error should be reported directly to IT ...
oval:org.secpod.oval:def:81416 Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Simple Network Management Protocol (SNMP)). Features that enable inbo ... oval:org.secpod.oval:def:81415 Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day. Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Simple TCPIP services (i.e. echo, daytime etc)). The Sim ... oval:org.secpod.oval:def:81414 Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. In a high security environment, a secure workstation should only be a client, not a server. Sharing workstation resources for remote access inc ... oval:org.secpod.oval:def:81413 Offers routing services to businesses in local area and wide area network environments. This service's main purpose is to provide Windows router functionality - this is not an appropriate use of workstations in an enterprise managed environment. Default: Disabled. Counter Measure: The recommen ... oval:org.secpod.oval:def:81419 The Web Management Service enables remote and delegated management capabilities for administrators to manage the Web server, sites and applications present on the machine. Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windo ... oval:org.secpod.oval:def:81418 Allows UPnP devices to be hosted on this computer. Universal Plug n Play (UPnP) is a real security risk - it allows automatic discovery and attachment to network devices. Note that UPnP is different than regular Plug n Play (PnP). Workstations should not be advertising their services (or automati ...
oval:org.secpod.oval:def:81417 Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. Universal Plug n Play (UPnP) is a real security risk - it allows automatic discovery and attachment to network devices. Notes ... oval:org.secpod.oval:def:81412 Enables remote users to modify registry settings on this computer In a high security environment, exposing the registry to remote access is an increased security risk. Default: Disabled Counter Measure: The recommended state for this setting is Disabled. Potential Impact: The registry ... oval:org.secpod.oval:def:81411 In Windows 2003 and older versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and newer versions of Windows, this service does not provide any functionality and is present for application compatibility. This is a legacy servic ... oval:org.secpod.oval:def:81410 Allows the redirection of Printers/Drives/Ports for RDP connections. In a security-sensitive environment, it is desirable to reduce the possible attack surface - preventing the redirection of COM, LPT and PnP ports will reduce the number of unexpected avenues for data exfiltration and/or malicious ... oval:org.secpod.oval:def:81430 This service syncs save data for Xbox Live save enabled games. Xbox Live is a gaming service and has no place in an enterprise managed environment (perhaps unless it is a gaming company). Default: Manual (Trigger Start) Counter Measure: The recommended state for this setting is Disabled. Po ... oval:org.secpod.oval:def:81431 This service supports the Windows.Networking.XboxLive application programming interface. Xbox Live is a gaming service and has no place in an enterprise managed environment (perhaps unless it is a gaming company). Default: Manual. Counter Measure: The recommended state for this setting is Di ... 
oval:org.secpod.oval:def:81405 This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context p2p pnrp peer. Peer Name Resolution Protocol is a distributed and (mostly) serverless way to handle name resolution of clients with each other. In a high security environmen ... oval:org.secpod.oval:def:81404 Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. Peer Name Resolution Protocol is a distributed and (mostly) serverless way to handle name resolution of clients with each other. In a high security environment, it is more secure to rely on c ... oval:org.secpod.oval:def:81403 Enables multi-party communication using Peer-to-Peer Grouping. Peer Name Resolution Protocol is a distributed and (mostly) serverless way to handle name resolution of clients with each other. In a high security environment, it is more secure to rely on centralized name resolution methods maintained ... oval:org.secpod.oval:def:81402 Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP) Peer Name Resolution Protocol is a distributed and (mostly) serverless way to handle name resolution of clients with each other. In a high security environment, it is more secure to rely on cent ... oval:org.secpod.oval:def:81409 Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. In a high security environment, Remote Desktop access is an increased security risk. For these environments, only local console access should be permitted. Def ... oval:org.secpod.oval:def:81408 Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop related configuration and session maintenance activities that require SYSTEM context. 
These include per-session temporary folders, RD themes, and RD certificates In a high security environment, Remote Desktop access i ... oval:org.secpod.oval:def:81407 Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address The function of this service is to provide a "demand dial" type of functionality. In a high security environment, it is preferred that any remote "dial" connections (whether they be legacy ... oval:org.secpod.oval:def:81406 This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel. This service is involved in the process of displaying/reporting issues and solutions to/from Microsoft. In a high security environment, preventing thi ... oval:org.secpod.oval:def:81401 SSH protocol based service to provide secure encrypted communications between two untrusted hosts over an insecure network. Note: This service is not installed by default. It is supplied with Windows, but it is installed by enabling an optional Windows feature (OpenSSH Server) Hosting an SSH serve ... oval:org.secpod.oval:def:81400 This service provides infrastructure support for the Microsoft Store. In a high security managed environment, application installations should be managed centrally by IT staff, not by end users. Default: Manual. Counter Measure: The recommended state for this setting is Disabled. Potential I ... oval:org.secpod.oval:def:80975 This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this Group Policy setting to grant access to all the computers to particular ... oval:org.secpod.oval:def:80976 This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. 
The options are: * Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the o ... oval:org.secpod.oval:def:80973 This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. If you enable or do not configure this setting, protocol recognition will be enabled. If you disable this setting, protocol recognition will be disabled. Cou ... oval:org.secpod.oval:def:80974 This policy setting allows you to configure the antimalware service to receive notifications to disable individual definitions in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable definitions that are causing false positive reports. You must have conf ... oval:org.secpod.oval:def:80979 This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: - Good: T ... oval:org.secpod.oval:def:80977 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in t ... oval:org.secpod.oval:def:80978 This security setting determines the level of data signing that is requested on behalf of clients issuing LDAP BIND requests, as follows: * None: The LDAP BIND request is issued with the options that are specified by the caller. * Negotiate signing: If Transport Layer Security/Secure Sockets Layer ... 
oval:org.secpod.oval:def:80971 This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time. If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances: Automat ... oval:org.secpod.oval:def:80972 This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting. If you enable this policy setting, Windows is prevented from installing, or updating the device driver for, any device that is not described by either the Allow ... oval:org.secpod.oval:def:80970 This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. If you enable this ... oval:org.secpod.oval:def:80964 This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as rea ... oval:org.secpod.oval:def:80965 This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows l ... oval:org.secpod.oval:def:80962 This security setting determines whether to audit the access of global system objects. If this policy is enabled, it causes system objects, such as mutexes, events, semaphores and DOS devices, to be created with a default system access control list (SACL). Only named objects are given a SACL; SACLs ... 
oval:org.secpod.oval:def:80963 This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker. I ... oval:org.secpod.oval:def:80968 This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line mpcmdrun -SigUpdate, but it has no effect on scans initiated manually from the user interface. ... oval:org.secpod.oval:def:80969 This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking ... oval:org.secpod.oval:def:80966 This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not ... oval:org.secpod.oval:def:80967 This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used. Counter Measure: Enable this policy setting to ensure that Windows Messenger does not collect usage information and to prevent display of the ... oval:org.secpod.oval:def:80960 This policy setting allows you to enable download of definition updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update. If you enable this setting, definition updates will be downloaded from Microsoft Update. ... 
oval:org.secpod.oval:def:80961 This policy setting determines which users or groups might access DCOM application remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to specify access permissions to all the computers to particular user ... oval:org.secpod.oval:def:80997 This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. If definitions are determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a w ... oval:org.secpod.oval:def:80998 This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group P ... oval:org.secpod.oval:def:80995 This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection ... oval:org.secpod.oval:def:80996 This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local ... oval:org.secpod.oval:def:80999 This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop- ... 
oval:org.secpod.oval:def:80990 This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to gr ... oval:org.secpod.oval:def:80993 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Counter Measure: Configure this policy setting to a value suitable for your organization, such as the default value of %SYSTEMROOT%\System32\LogFiles\firewall\publicfw.log. Poten ... oval:org.secpod.oval:def:80994 This policy setting controls the behavior of the elevation prompt for standard users. The options are: - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, ... oval:org.secpod.oval:def:80991 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file r ... oval:org.secpod.oval:def:80992 This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in ... oval:org.secpod.oval:def:80986 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality includ ... 
oval:org.secpod.oval:def:80987 Specifies the period of inactivity before Windows turns off the display. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. If you disable this policy or do not configure it, users can see and c ... oval:org.secpod.oval:def:80984 This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on ... oval:org.secpod.oval:def:80985 This security setting determines which communication sessions (pipes) will have attributes and permissions that allow anonymous access. Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, t ... oval:org.secpod.oval:def:80988 This policy setting allows you to manage the installation of app packages that do not originate from the Windows Store. Counter Measure: Organizations that develop their own line-of-business app packages or acquire then directly from vendors may want to enable this policy setting, however if y ... oval:org.secpod.oval:def:80989 This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. If you enable this policy setting, all local administrator a ... oval:org.secpod.oval:def:80982 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins. If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for an ... 
oval:org.secpod.oval:def:80983 This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send LM a ... oval:org.secpod.oval:def:80980 This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Power Users Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. Counter Mea ... oval:org.secpod.oval:def:80981 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file r ... oval:org.secpod.oval:def:81099 This policy setting allows you to audit events generated by the IPsec filter driver such as the following: Startup and shutdown of the IPsec services. Network packets dropped due to integrity check failure. Network packets dropped due to replay check failure. Network packets dropped ... oval:org.secpod.oval:def:81098 Use this policy setting to configure the use of uppercase letters in the Microsoft Passport for PIN. If you enable this policy setting, Microsoft Passport for Work requires users to include at least one uppercase letter in their PIN. If you disable or do not configure this policy setting, ... oval:org.secpod.oval:def:81097 Use this policy setting to configure the use of special characters in the Microsoft Passport for PIN. If you enable this policy setting, Microsoft Passport for Work requires users to include at least one special character in their PIN. If you disable or do not configure this policy setting ... 
oval:org.secpod.oval:def:81070 This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by d ... oval:org.secpod.oval:def:81074 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. If you enable this policy setting, the WinRM client will use Basic authentication. If WinRM is configured to use HTTP transport, then the user name and password are sent over ... oval:org.secpod.oval:def:81073 This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Compute ... oval:org.secpod.oval:def:81072 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Counter Measure: Configure this policy setting to Yes. Potential Impa ... oval:org.secpod.oval:def:81071 This policy setting configures the time in minutes before a detection in the additional action state moves to the cleared state. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Reducing the time in minutes before a detection in the a ... oval:org.secpod.oval:def:81067 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note: When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notificat ...
oval:org.secpod.oval:def:81066 This policy setting allows you to configure scanning for all downloaded files and attachments. If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. If you disable this setting, scanning for all downloaded files and attachments w ... oval:org.secpod.oval:def:81065 This policy setting allows you to disable the client computers ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet. Counter Measure: Enable this setting to prevent users from submitting print jobs via HTTP. Potential Impact: I ... oval:org.secpod.oval:def:81064 This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted du ... oval:org.secpod.oval:def:81069 This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Po ... oval:org.secpod.oval:def:81068 This security setting determines whether the system shuts down if it is unable to log security events. If this security setting is enabled, it causes the system to stop if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full an ... oval:org.secpod.oval:def:81063 This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not ... 
oval:org.secpod.oval:def:81062 This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a pa ... oval:org.secpod.oval:def:81061 This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled. If you enable this setting, the antimalware service will always remain running even if ... oval:org.secpod.oval:def:81060 This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users cant access OneDrive from the OneDrive app and file picker. * Windows Store apps cant access OneDrive using the WinRT API. * OneDrive doesnt appe ... oval:org.secpod.oval:def:81056 This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers. If you disable or do not configure this policy setting, connected users will be ... oval:org.secpod.oval:def:81055 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. If you disable or do not co ... oval:org.secpod.oval:def:81054 Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Counter Measure: We recommend that you disable this policy setting unless you have to support legacy business applications that do not support it. Potential Impact: ... 
oval:org.secpod.oval:def:81053 Specifies whether to disable the administrator rights to customize security permissions in the Remote Desktop Session Host Configuration tool. You can use this setting to prevent administrators from making changes to the user groups on the Permissions tab in the Remote Desktop Session Host Conf ... oval:org.secpod.oval:def:81059 This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon information for domain accounts can be cached locally to allow users to log on even if a domain controller cannot be contacted. This policy setting determines the number of unique use ... oval:org.secpod.oval:def:81058 This policy setting controls Event Log behavior when the log file reaches its maximum size. Counter Measure: Configure this setting to Disabled. Potential Impact: If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. ... oval:org.secpod.oval:def:81057 This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure cha ... oval:org.secpod.oval:def:81092 This policy setting allows you to control whether a domain user can sign in using a convenience PIN. In Windows 10, convenience PIN was replaced with Passport, which has stronger security properties. To configure Passport for domain users, use the policies under Computer configuration\Administrative ... oval:org.secpod.oval:def:81091 This policy setting determines whether enhanced anti-spoofing is configured for devices which support it. If you do not configure this policy setting, users will be able to choose whether or not to use enhanced anti-spoofing on supported devices. If you enable this policy setting, Windows ... 
oval:org.secpod.oval:def:81090 This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons. If you disable this policy setting, the SMB client will reject ... oval:org.secpod.oval:def:81096 Use this policy setting to configure the use of lowercase letters in the Microsoft Passport for PIN. If you enable this policy setting, Microsoft Passport for Work requires users to include at least one lowercase letter in their PIN. If you disable or do not configure this policy setting, ... oval:org.secpod.oval:def:81095 Use this policy setting to configure the use of digits in the Microsoft Passport for PIN. If you enable or do not configure this policy setting, Microsoft Passport for Work requires users to include at least one uppercase letter in their PIN. If you disable this policy setting, Microsoft P ... oval:org.secpod.oval:def:81094 This setting lets you decide whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to help protect your employees from potential phishing scams and malicious software. Turning this setting on, or not configuring it, turns on SmartScreen Filter. Turning this se ... oval:org.secpod.oval:def:81093 This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the Bit ... oval:org.secpod.oval:def:81089 This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note: If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server. ... 
oval:org.secpod.oval:def:81088 This policy setting allows you to configure whether or not to display notifications to clients when they need to perform the following actions: Run a full scan Download the latest virus and spyware definitions Download Standalone System Sweeper If you enable or do not configure ... oval:org.secpod.oval:def:81087 This policy setting allows you to manage whether the Install Updates and Shut Down option is allowed to be the default choice in the Shut Down Windows dialog. Note: that this policy setting has no impact if the Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not ... oval:org.secpod.oval:def:81086 This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. Administrators can use this policy setting to control when a computer suspends an inactive SMB session. If client activity resumes, the ... oval:org.secpod.oval:def:81081 This policy setting configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections are rejected by the server. If you disable or do not configure this policy setting, new remote shell connections are allowed. Counter Measure: Configure ... oval:org.secpod.oval:def:81080 This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and i ... oval:org.secpod.oval:def:81085 This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting. If you enable this setting, network files will be scanned. If you disable or do not configure this setting, network files will not be scanned. Counter Measure: ... 
oval:org.secpod.oval:def:81084 This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this settin ... oval:org.secpod.oval:def:81083 This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group ... oval:org.secpod.oval:def:81082 This policy setting allows you to control the SafeSearch setting used when performing a query in Search. If you enable this policy setting, you can specify one of three SafeSearch settings, which users won't be able to change: - Strict: Filter out adult text, images, and videos from sea ... oval:org.secpod.oval:def:81078 This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. ... oval:org.secpod.oval:def:81077 This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expec ... oval:org.secpod.oval:def:81076 This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. Microso ...
oval:org.secpod.oval:def:81075 This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box. If you enable this policy setting, Install Updates and Shut Down will not appear as a choice in the Shut Down Windows dialog box, even if updates are available ... oval:org.secpod.oval:def:81079 Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, ... oval:org.secpod.oval:def:81030 This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer. If you enable this policy setting, you can define a ... oval:org.secpod.oval:def:81029 This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ... oval:org.secpod.oval:def:81028 This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an e ... oval:org.secpod.oval:def:81023 This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps. If you enable this policy setting, the advertising ID is turned off. Apps can't use the ID for experiences across apps. If you disable or do not configure this policy setting, us ...
oval:org.secpod.oval:def:81022 When WDigest authentication is enabled, Lsass.exe retains a copy of the user's plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed. If this setting is not configured, WDigest authentication is disabled in Windo ... oval:org.secpod.oval:def:81021 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Counter Measure: Configure this policy setting to Yes. Potential Impa ... oval:org.secpod.oval:def:81020 Enable LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx Counter Measure: Enable and configure this setting. Potential Impact: Some unprotected LSA processes will be unable to function. Fix: (1) GPO: Computer Configuration\Administrative T ... oval:org.secpod.oval:def:81027 This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disabl ... oval:org.secpod.oval:def:81026 This policy setting configures whether or not locations on removable drives can be added to libraries. If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. If you disable or do not con ... oval:org.secpod.oval:def:81025 Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Counter Measure: Configure Network security: Allow LocalSystem NULL session fallback to Disabled. Potential Impact: Any applications that require NULL s ...
oval:org.secpod.oval:def:81024 This policy setting customizes which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains t ... oval:org.secpod.oval:def:81019 This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level. Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains t ... oval:org.secpod.oval:def:81018 This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to Windows XP SP2, Autoplay is disabled ... oval:org.secpod.oval:def:81017 Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Default: not enforced. Counter Measure: Configure this policy setting to 900 seconds (15 minutes) so that the risk of a user's de ... oval:org.secpod.oval:def:81012 This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you enable this policy setting, the specified credential provider is selected on other user tile. If you disable or do not configure this policy setting, the system ... oval:org.secpod.oval:def:81011 This policy setting determines the cipher suites used by the SMB client. If you enable this policy setting, cipher suites are prioritized in the order specified. If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure ...
oval:org.secpod.oval:def:81010 This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders. Counter Measure: Enable the Turn off the Publish to Web task for files and folder ... oval:org.secpod.oval:def:81016 This policy setting controls whether raw volume write notifications are sent to behavior monitoring. If you enable or do not configure this setting, raw write notifications will be enabled. If you disable this setting, raw write notifications will be disabled. Counter Measure: Configure t ... oval:org.secpod.oval:def:81015 This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security setting is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction poli ... oval:org.secpod.oval:def:81014 Maximum PIN length configures the maximum number of characters allowed for the work PIN. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, which ... oval:org.secpod.oval:def:81013 This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 will send minimal data to Microsoft. This data includes Malicious Software Removal Tool (MSRT) and Windows Defender data, if enabled, and telemetry client settings. Setting a value of 0 applies ... oval:org.secpod.oval:def:81052 Specifies whether or not the user is prompted for a password when the system resumes from sleep. Counter Measure: Configure Require a Password When a Computer Wakes (On Battery) to Enabled. Potential Impact: If you enable this policy, or if it is not configured, the user is prompted for a ...
oval:org.secpod.oval:def:81051 This setting controls whether local accounts can be used for remote administration via network logon (e.g., NET USE, connecting to C$, etc.). Local accounts are at high risk for credential theft when the same account and password is configured on multiple systems. Enabling this policy significantly ... oval:org.secpod.oval:def:81050 This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ... oval:org.secpod.oval:def:81045 This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To pre ... oval:org.secpod.oval:def:81044 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Counter Measure: Configure this policy setting to a value suitable for your organization, such as the default value of %SYSTEMROOT%\System32\LogFiles\firewall\privatefw.log. Pote ... oval:org.secpod.oval:def:81043 This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. If you enable this setting, removable drives will be scanned during any type of scan. If you ... oval:org.secpod.oval:def:81042 This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group ... 
oval:org.secpod.oval:def:81049 This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use. If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use. If you disable this setting, scheduled scans will run at ... oval:org.secpod.oval:def:81048 This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not confi ... oval:org.secpod.oval:def:81047 Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it. If this setting is set to zero or not configured, then Start uses the default background, and users can change it. If this setting is set to a nonzero value, then Start us ... oval:org.secpod.oval:def:81046 This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it. If you enable this policy setting, Windows Store apps that typically require a Microsoft account t ... oval:org.secpod.oval:def:81041 This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows. If you disable or don't configure this policy setting, ... oval:org.secpod.oval:def:81040 This policy setting allows you to control whether or not Search can perform queries on the web over metered connections, and if the web results are displayed in Search. If you enable this policy setting, queries won't be performed on the web over metered connections and web results won't be displ ...
oval:org.secpod.oval:def:81039 This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified def ... oval:org.secpod.oval:def:81034 This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics. If you enable or do not con ... oval:org.secpod.oval:def:81033 This policy setting allows you to configure monitoring for file and program activity. If you enable or do not configure this setting, monitoring for file and program activity will be enabled. If you disable this setting, monitoring for file and program activity will be disabled. Counter ... oval:org.secpod.oval:def:81032 This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in ... oval:org.secpod.oval:def:81031 This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most co ... oval:org.secpod.oval:def:81038 This policy setting allows you to configure scanning mapped network drives. If you enable this setting, mapped network drives will be scanned. If you disable or do not configure this setting, mapped network drives will not be scanned. Counter Measure: Configure this setting depending ... 
oval:org.secpod.oval:def:81037 Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By default, users can enable invocation of an available camera on the lock screen. If you enable this setting, users will no longer be able to enable or disable lock sc ... oval:org.secpod.oval:def:81036 This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the dr ... oval:org.secpod.oval:def:81035 This security setting determines which network shares can be accessed by anonymous users. Default: None specified. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server. Note: It can be ... oval:org.secpod.oval:def:81108 This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request matc ... oval:org.secpod.oval:def:81107 This policy setting allows you to audit events generated by user account logon attempts on the computer. Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the compu ... oval:org.secpod.oval:def:81106 This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. For scheduler jobs, the following are audited: Job created. Job deleted. Job enabled. Job disabled. Job updated. For COM+ objects, the following are audited: Ca ...
oval:org.secpod.oval:def:81105 This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). The following privileges are non-sensitive: Access Credential Manager as a trusted caller. Access this computer from the network. Add workstations to domain. ... oval:org.secpod.oval:def:81109 This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the reques ... oval:org.secpod.oval:def:81100 This policy setting allows you to audit events generated by validation tests on user account logon credentials. Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the loc ... oval:org.secpod.oval:def:81104 This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. If you configure this policy setting, ... oval:org.secpod.oval:def:81103 This subcategory is not used. Counter Measure: Enable Audit policy settings that support the organizational security policy for all the computers in your organization. Identify the components that you need for an audit policy that enables your organization to hold users accountable for their a ... oval:org.secpod.oval:def:81102 This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record ... 
oval:org.secpod.oval:def:81101 This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits reco ... oval:org.secpod.oval:def:81129 This policy setting allows you to audit events generated by changes to application groups such as the following: Application group is created, changed, or deleted. Member is added or removed from an application group. If you configure this policy setting, an audit event is generated when an ... oval:org.secpod.oval:def:81128 This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see http://go.micr ... oval:org.secpod.oval:def:81127 This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. Currently, there are no events in this subcategory. Default: No Auditing. Counter Measure: Enable Audit poli ... oval:org.secpod.oval:def:81122 This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: Reporting of active policies when Windows Firewall service starts. Changes to Windows ... oval:org.secpod.oval:def:81121 This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the Authentication Policy Change subcategory. Removal of user rights (pr ... 
oval:org.secpod.oval:def:81120 This policy setting allows you to audit changes to user accounts. Events include the following: A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. A user account's password is set or changed. A security identifier (SID) is added to the SID Hi ... oval:org.secpod.oval:def:81126 This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. Events in this subcategory incl ... oval:org.secpod.oval:def:81125 This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events: Startup and shutdown of the computer. Change of system time. Recovering the system from CrashOnAuditFail, which is logged after a system restarts when t ... oval:org.secpod.oval:def:81124 This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful ... oval:org.secpod.oval:def:81123 This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: The Windows Firewall Service blocks an application from accepting incoming connections on the network. The WFP allows a connection. ... oval:org.secpod.oval:def:81119 This policy setting allows you to audit any of the following events: Startup and shutdown of the Windows Firewall service and driver. Security policy processing by the Windows Firewall Service. Cryptography key file and migration operations. Volume: Low. Default: Success, Failure. Co ...
oval:org.secpod.oval:def:81118 This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following: The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. The Pas ... oval:org.secpod.oval:def:81117 This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations. AD CS operations include the following: AD CS startup/shutdown/backup/restore. Changes to the certificate revocation list (CRL). New certificate requests. Issuing of a certificate. R ... oval:org.secpod.oval:def:81116 This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers. Volume: High. Default: No Auditing. Counter Measure: Enable Audit policy settings that support the organizational security policy for all the ... oval:org.secpod.oval:def:81111 This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audit ... oval:org.secpod.oval:def:81110 This policy setting allows you to audit other logon/logoff-related events that are not covered in the Logon/Logoff policy setting such as the following: Terminal Services session disconnections. New Terminal Services sessions. Locking and unlocking a workstation. Invoking a screen sa ... oval:org.secpod.oval:def:81115 This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Speci ... 
oval:org.secpod.oval:def:81114 This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record suc ... oval:org.secpod.oval:def:81113 This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audit ... oval:org.secpod.oval:def:81112 This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: Events that could not be written to the event log because of a problem with the auditing system. A process that uses a local procedure call (LPC) port that is not vali ... oval:org.secpod.oval:def:92689 This policy setting controls whether or not users can override the SHA256 security validation in the Windows Package Manager settings. Users should not have the ability to override SHA256 security validation. The recommended state for this setting is: Disabled. Fix: (1) GPO: Computer Configuration\Po ... oval:org.secpod.oval:def:92688 This policy setting specifies if the Domain Name System (DNS) client will perform name resolution over Network Basic Input-Output System (NetBIOS). NetBIOS is a legacy name resolution method for internal Microsoft networking that predates the use of DNS for that purpose (Pre-Active Directory). Some l ... 
oval:org.secpod.oval:def:92681 This policy setting turns off toast notifications on the lock screen. If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen. If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be ... oval:org.secpod.oval:def:92680 This policy setting controls which protocols incoming Remote Procedure Call (RPC) connections to the print spooler are allowed to use. The recommended state for this setting is: Enabled: Negotiate or higher. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC l ... oval:org.secpod.oval:def:92683 This policy setting controls which protocol and protocol settings to use for outgoing Remote Procedure Call (RPC) connections to a remote print spooler. The recommended state for this setting is: Enabled: Default. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Printers\Configure ... oval:org.secpod.oval:def:92682 Configures password parameters Password complexity: which characters are used when generating a new password Default: Large letters + small letters + numbers + special characters Password length Minimum: 8 characters Maximum: 64 characters Default: 14 characters Password age in ... oval:org.secpod.oval:def:92685 This policy setting controls which protocol and protocol settings to use for outgoing Remote Procedure Call (RPC) connections to a remote print spooler. The recommended state for this setting is: Enabled: RPC over TCP. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Printers\Conf ... oval:org.secpod.oval:def:92684 This policy setting determines whether Redirection Guard is enabled for the print spooler. Redirection Guard can prevent file redirections from being used within the print spooler. The recommended state for this setting is: Enabled: Redirection Guard Enabled. Fix: (1) GPO: Computer Configuration\Polici ... 
oval:org.secpod.oval:def:92687 Disabling this setting turns off search highlights in the taskbar search box and in search home. Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home. Fix: (1) GPO: Computer Configuration/Administrative Templates/Windows Components/Search/Al ... oval:org.secpod.oval:def:92686 This policy setting controls whether users have access to the Windows Package Manager. Windows Package Manager is a package manager solution that consists of a command line tool and set of services for installing applications on Microsoft Windows Server 2019 (or newer). The recommended state for this ... oval:org.secpod.oval:def:92690 This policy setting controls whether users can install packages from a website that is using the ms-appinstaller protocol. The ms-appinstaller protocol allows users to install an application by clicking a link on a website. The recommended state for this setting is: Disabled. Fix: (1) GPO: Computer Co ... oval:org.secpod.oval:def:92692 This policy setting controls which protocols incoming Remote Procedure Call (RPC) connections to the print spooler are allowed to use. The recommended state for this setting is: Enabled: RPC over TCP. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC listener ... oval:org.secpod.oval:def:92691 This policy setting controls whether users have access to the Windows Package Manager. Windows Package Manager is a package manager solution that consists of a command line tool and set of services for installing applications on Microsoft Windows Server 2019 (or newer). The recommended state for this ... oval:org.secpod.oval:def:92694 This policy setting manages how queue-specific files are processed during printer installation. At printer installation time, a vendor-supplied installation application can specify a set of files, of any type, to be associated with a particular print queue. 
The files are downloaded to each client th ... oval:org.secpod.oval:def:92693 This policy setting controls packet level privacy for Remote Procedure Call (RPC) incoming connections. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\MS Security Guide\Configure RPC packet level privacy setting for incoming connections (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentC ... oval:org.secpod.oval:def:92695 This policy setting determines whether User Interface (UI) Automation client applications running on the local computer can access UI elements on the server. UI Automation gives programs access to most UI elements, which lets you use assistive technology products like Magnifier and Narrator that need ... oval:org.secpod.oval:def:92678 This policy setting controls the configuration under which the Local Security Authority Subsystem Service (LSASS) will load custom Security Support Provider/Authentication Package (SSP/AP). The recommended state for this setting is: Disabled. Fix: (1) GPO: Computer Configuration\Policies\Administ ... oval:org.secpod.oval:def:92677 This policy setting controls the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g. Windows Hello for Business, se ... oval:org.secpod.oval:def:92679 This policy setting controls which port is used for RPC over TCP for incoming connections to the print spooler and outgoing connections to remote print spoolers. The recommended state for this setting is: Enabled: 0. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Printers\Config ... oval:org.secpod.oval:def:81191 This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. 
Users with this user right can explore disks and extend files into memory that contains other data. When the extended files are ... oval:org.secpod.oval:def:81190 This policy setting determines the number of days that you must use a password before you can change it. The range of values for this policy setting is between 1 and 999 days. (You may also set the value to 0 to allow immediate password changes.) The default value for this setting is 0 days. Count ... oval:org.secpod.oval:def:81195 This security setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch job policy setting if a user account is subject to both policies. Default: None Counter Measure: Assign the Deny log on as a batch job u ... oval:org.secpod.oval:def:81194 This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator exp ... oval:org.secpod.oval:def:81193 This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less ... oval:org.secpod.oval:def:81192 This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separ ... oval:org.secpod.oval:def:81188 This security setting determines which users are prevented from logging on at the computer. 
This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important If you apply this security policy to the Everyone group, no one will be able to lo ... oval:org.secpod.oval:def:81187 This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be ena ... oval:org.secpod.oval:def:81186 This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused ... oval:org.secpod.oval:def:81185 This security setting determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can ... oval:org.secpod.oval:def:81189 This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causi ... oval:org.secpod.oval:def:81180 This security setting determines which users can use performance monitoring tools to monitor the performance of non system processes. Default: Administrators, Power users. Counter Measure: Ensure that only the local Administrators group is assigned the Profile single process user right. Pote ... 
oval:org.secpod.oval:def:81184 This security setting determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. Defau ... oval:org.secpod.oval:def:81183 This security setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is sim ... oval:org.secpod.oval:def:81182 This security setting determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution Assigning this user right can be a security risk. Since owners of objects have full ... oval:org.secpod.oval:def:81181 This security setting determines which users who are logged on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. Default on Workstations: Administrators, Backup Operators, Users. Default on Servers: ... oval:org.secpod.oval:def:81177 This user right determines which users can dynamically load and unload device drivers or other code into kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution Assigning this user right can be a ... oval:org.secpod.oval:def:81176 This privilege determines which user accounts can increase or decrease the size of a process's working set. Default: Users The working set of a process is the set of memory pages currently visible to the process in physical RAM memory. 
These pages are resident and available for an application to u ... oval:org.secpod.oval:def:81175 This security setting determines how often a domain member will attempt to change its computer account password. Default: 30 days. By default, domain members automatically change their domain passwords every 30 days. If you increase this interval significantly or set it to 0 so that the computers ... oval:org.secpod.oval:def:81174 This security setting determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. Default: Guest Counter Measure: Assign the Deny access ... oval:org.secpod.oval:def:81179 This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB server to be forcibl ... oval:org.secpod.oval:def:81178 This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. Default: Non ... oval:org.secpod.oval:def:81199 This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders ... oval:org.secpod.oval:def:81198 Determines which users can log on to the computer. Important Modifying this setting may affect compatibility with clients, services, and applications. 
For compatibility information about this setting, see Allow log on locally (http://go.microsoft.com/fwlink/?LinkId=24268) at the Microsoft websit ... oval:org.secpod.oval:def:81197 This privilege determines who can change the maximum memory that can be consumed by a process. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Note: This privilege is useful for system tuning, but i ... oval:org.secpod.oval:def:81196 This security setting determines whether a different account name is associated with the security identifier (SID) for the account Guest. Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. ... oval:org.secpod.oval:def:81151 This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies. Note: This security setting does not apply to the System, Local Service, or ... oval:org.secpod.oval:def:81150 This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In ... oval:org.secpod.oval:def:81149 This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is ess ... oval:org.secpod.oval:def:81144 This policy setting allows you to audit events generated when a handle to an object is opened or closed. 
Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Suc ... oval:org.secpod.oval:def:81143 This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the ob ... oval:org.secpod.oval:def:81142 This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: Trusted Platform Module (TPM) configuration changes. Kernel-mode cryptographic self tests. Cryptographic provider operation ... oval:org.secpod.oval:def:81141 This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to aut ... oval:org.secpod.oval:def:81148 This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. Counter Measure: Configure this user right so that no account ... oval:org.secpod.oval:def:81147 This subcategory reports events generated by the Kerberos Authentication Server. These events occur on the computer that is authoritative for the credentials. Events for this subcategory include: - 4768: A Kerberos authentication ticket (TGT) was requested. - 4771: Kerberos pre-authentication failed ... 
oval:org.secpod.oval:def:81146 This subcategory reports events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. Auditing this setting will result in a medium or high volume of records on NPS and IAS servers. Events for thi ... oval:org.secpod.oval:def:81145 This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share ... oval:org.secpod.oval:def:81140 This policy setting allows you to audit events generated when a process ends. If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy settin ... oval:org.secpod.oval:def:81139 This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events. Note: The Audit: Audit the access of global system objects policy setting controls the ... oval:org.secpod.oval:def:81138 This policy setting allows you to audit events generated by changes to the authentication policy such as the following: Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Confi ... oval:org.secpod.oval:def:81133 This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful a ... 
oval:org.secpod.oval:def:81132 This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only fai ... oval:org.secpod.oval:def:81131 This policy setting allows you to audit inbound remote procedure call (RPC) connections. If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do ... oval:org.secpod.oval:def:81130 This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. Only AD DS objects with a matching system access control list (SACL) are logged. Events in this subcategory are similar to the Directory Service Access events available in ... oval:org.secpod.oval:def:81137 This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: IPsec services status. Changes to IPsec policy settings. Changes to Windows Firewall policy settings. Changes to WFP providers and engine. If you confi ... oval:org.secpod.oval:def:81136 This policy setting allows you to audit events generated by changes to distribution groups such as the following: Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy se ... oval:org.secpod.oval:def:81135 This policy setting allows you to audit events generated by changes to security groups such as the following: Security group is created, changed, or deleted. Member is added or removed from a security group. Group type is changed. If you configure this policy setting, an audit event is ... 
oval:org.secpod.oval:def:81134 This policy setting allows you to audit packets that are dropped by Windows Filtering Platform (WFP). Volume: High. Counter Measure: Enable Audit policy settings that support the organizational security policy for all the computers in your organization. Identify the components that you need f ... oval:org.secpod.oval:def:81173 Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a serv ... oval:org.secpod.oval:def:81172 This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ... oval:org.secpod.oval:def:81171 This security setting determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access mem ... oval:org.secpod.oval:def:81170 This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. Default: 7 on domain controllers. 0 on sta ... oval:org.secpod.oval:def:81166 This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. 
A server process running on a computer (or unde ... oval:org.secpod.oval:def:81165 This security setting determines whether passwords must meet complexity requirements. If this policy is enabled, passwords must meet the following minimum requirements: Not contain the user's account name or parts of the user's full name that exceed two consecutive characters * Be at least six chara ... oval:org.secpod.oval:def:81164 This policy setting allows accounts to launch network services or to register a process as a service running on the system. This user right should be restricted on any computer in a high security environment, but because many applications may require this privilege, it should be carefully evaluated ... oval:org.secpod.oval:def:81163 This security setting determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy ... oval:org.secpod.oval:def:81169 This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Counter Measure: Assign the Deny ... oval:org.secpod.oval:def:81168 This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kerne ... oval:org.secpod.oval:def:81167 This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. 
This user right is used internally by the operat ... oval:org.secpod.oval:def:81162 This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an ... oval:org.secpod.oval:def:81161 This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone. This user right is defined i ... oval:org.secpod.oval:def:81160 This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other user ... oval:org.secpod.oval:def:81155 This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default on workstations and ser ... oval:org.secpod.oval:def:81154 This security setting determines which users can use performance monitoring tools to monitor the performance of system processes. Default: Administrators. Counter Measure: Ensure that only the local Administrators group is assigned the Profile system performance user right. Potential Impact: ... oval:org.secpod.oval:def:81153 This security setting determines whether a user can undock a portable computer from its docking station without logging on. If this policy is enabled, the user must log on before removing the portable computer from its docking station. 
If this policy is disabled, the user may remove the portable co ... oval:org.secpod.oval:def:81152 This security setting determines which users or groups have permission to log on as a Remote Desktop Services client. Default: On workstation and servers: Administrators, Remote Desktop Users. On domain controllers: Administrators. Important This setting does not have any effect on Windows 2000 ... oval:org.secpod.oval:def:81159 This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time ... oval:org.secpod.oval:def:81158 This privilege determines if the user can create a symbolic link from the computer he is logged on to. Default: Administrator WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note ... oval:org.secpod.oval:def:81157 This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users. For information about how to ... oval:org.secpod.oval:def:81156 This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. This user right is defined in the Default Domain Co ... oval:org.secpod.oval:def:91039 If the Password protect the screen saver setting is enabled, then all screen savers are password protected, if it is disabled then password protection cannot be set on any screen saver. 
If this setting is enabled, then all screen savers are password protected. Fix: (1) GPO: User Configuration\Admi ... oval:org.secpod.oval:def:91038 This policy setting removes the Spotlight collection setting in Personalization, rendering the user unable to select and subsequently download daily images from Microsoft to desktop. If you enable this policy, "Spotlight collection" will not be available as an option in Personalization settings. If ... oval:org.secpod.oval:def:91033 This policy setting lets you prevent Windows from using diagnostic data to provide tailored experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device (this data may include browser, app and feature usage, depending on the "diagnostic data" set ... oval:org.secpod.oval:def:91035 This policy setting lets you turn off all Windows Spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimi ... oval:org.secpod.oval:def:91034 This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. If you enable this policy setting, users cannot participate in ... oval:org.secpod.oval:def:91037 This policy setting allows you to prevent Windows Media Player from downloading codecs. If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not ... oval:org.secpod.oval:def:91036 Antivirus programs are mandatory in many environments and provide a strong defense against attack. 
The Notify antivirus programs when opening attachments setting allows you to manage how registered antivirus programs are notified. When enabled, this policy setting configures Windows to call the reg ... oval:org.secpod.oval:def:81229 This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online. If you enable this policy setting, the task "Order Prints Online" ... oval:org.secpod.oval:def:81228 This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. If you disabl ... oval:org.secpod.oval:def:81227 This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this policy setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard causes the wizard to exi ... oval:org.secpod.oval:def:81226 Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error rep ... oval:org.secpod.oval:def:91040 If you enable this policy, Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers. Users may still see suggestions and tips to make them more productive with Microsoft features a ... 
oval:org.secpod.oval:def:81221 This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device. NOTE: To enable the "Allow ...
oval:org.secpod.oval:def:81220 Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of DMA Protections. DMA protections require ...
oval:org.secpod.oval:def:81225 Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ...
oval:org.secpod.oval:def:81224 This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers. If you enable this policy setting, the system waits until the current user logs off the system before updating the com ...
oval:org.secpod.oval:def:81223 This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences). If you enable this policy setting, the Windows device is discoverable by other Windows devices that belong to the same user, and can participate in cross-device ex ...
oval:org.secpod.oval:def:81222 This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device. NOTE: To ...
oval:org.secpod.oval:def:91049 This security setting determines whether the domain controller bypasses secure RPC for Netlogon secure channel connections for specified machine accounts. When deployed, this policy should be applied to all domain controllers in a forest by enabling the policy on the domain controllers OU. When th ...
oval:org.secpod.oval:def:91042 This policy setting lets you configure Windows spotlight on the lock screen. If you enable this policy setting, "Windows spotlight" will be set as the lock screen provider and users will not be able to modify their lock screen. "Windows spotlight" will display daily images from Microsoft on the loc ...
oval:org.secpod.oval:def:91041 If the Screen Saver Timeout setting is enabled, then the screen saver will be launched when the specified amount of time has passed since the last user action. Valid values range from 1 to 89,400 seconds (24 hours). The setting has no effect if the wait time is set to zero or no screen saver has bee ...
oval:org.secpod.oval:def:91044 This setting determines whether the LDAP server (Domain Controller) enforces validation of Channel Binding Tokens (CBT) received in LDAP bind requests that are sent over SSL/TLS (i.e. LDAPS). For more information, see https://support.microsoft.com/help/4034879 . Some important points: * Before con ...
oval:org.secpod.oval:def:91043 This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to shar ...
oval:org.secpod.oval:def:91046 This security setting determines which users and groups have the authority to synchronize all directory service data. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Synchronize directory service data (2) WMI: root\rsop\computer#RSOP_U ...
oval:org.secpod.oval:def:91045 Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication pro ...
oval:org.secpod.oval:def:91048 This policy setting determines whether members of the Server Operators group are allowed to submit jobs by means of the AT schedule facility. The impact of this policy setting configuration should be small for most organizations. Users, including those in the Server Operators group, will still be ab ...
oval:org.secpod.oval:def:91047 This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges. When configuring a user right in the SCM enter a comma ...
oval:org.secpod.oval:def:81218 Encryption Oracle Remediation This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable ...
oval:org.secpod.oval:def:81217 This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications fr ...
oval:org.secpod.oval:def:81216 This policy controls whether the print spooler will accept client connections. When the policy is unconfigured or enabled, the spooler will always accept client connections. When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers ...
oval:org.secpod.oval:def:81215 This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireles ...
oval:org.secpod.oval:def:91051 Loads files to memory for later printing Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Print Spooler (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Spooler!Start
oval:org.secpod.oval:def:81219 Remote host allows delegation of non-exportable credentials When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host s ...
oval:org.secpod.oval:def:91050 This policy allows you to audit the group membership information in the user logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a ne ...
oval:org.secpod.oval:def:81210 Determines whether a user can install and configure the Network Bridge. Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...
oval:org.secpod.oval:def:81214 This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives. Additional ...
oval:org.secpod.oval:def:81213 This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resour ...
oval:org.secpod.oval:def:81212 This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when setting a network's location. If you disable or do not configure this policy setting, domain users can set a network's loca ...
oval:org.secpod.oval:def:81211 Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, ...
oval:org.secpod.oval:def:81250 This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additi ...
oval:org.secpod.oval:def:81249 This policy setting specifies the constraints for passwords used to unlock BitLocker-protected operating system drives. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the ...
oval:org.secpod.oval:def:81248 This policy setting allows you to manage BitLocker's use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent readin ...
oval:org.secpod.oval:def:81243 This policy setting allows you to specify whether the Windows NTP Server is enabled. If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers. If you disable or do not configure this policy setting, your computer cannot service NTP ...
oval:org.secpod.oval:def:81242 This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider. If you enable this policy ...
oval:org.secpod.oval:def:81241 This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals. If you enable this policy setting, users can use MSDT to collect and send diagnostic data to a support pro ...
oval:org.secpod.oval:def:81240 This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this ...
oval:org.secpod.oval:def:81247 This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For ...
oval:org.secpod.oval:def:81246 This policy setting allows you to manage BitLocker's use of hardware-based encryption on fixed data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or w ...
oval:org.secpod.oval:def:81245 This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy sett ...
oval:org.secpod.oval:def:81244 Manages non-Administrator users' ability to install Windows app packages. If you enable this policy, non-Administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Admin ...
oval:org.secpod.oval:def:81239 This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy ...
oval:org.secpod.oval:def:81238 This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. If you disable or do not configure this polic ...
oval:org.secpod.oval:def:81237 This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. If you disable or do not configure this polic ...
oval:org.secpod.oval:def:81232 Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note: this policy does not apply to 1394, PCMCIA or ExpressCard devices. Fix: (1) GPO: Computer Configuration\Admin ...
oval:org.secpod.oval:def:81231 Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts. This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the dev ...
oval:org.secpod.oval:def:81230 This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect yo ...
oval:org.secpod.oval:def:81236 This policy setting determines whether published User Activities can be uploaded. If you enable this policy setting, activities of type User Activity are allowed to be uploaded. If you disable this policy setting, activities of type User Activity are not allowed to be uploaded. Deletion of activitie ...
oval:org.secpod.oval:def:81235 This policy setting determines whether Clipboard contents can be synchronized across devices. If you enable this policy setting, Clipboard contents are allowed to be synchronized across devices logged in under the same Microsoft account or Azure AD account. If you disable this policy setting, Clipbo ...
oval:org.secpod.oval:def:81234 This policy prevents the user from showing account details (email address or user name) on the sign-in screen. If you enable this policy setting, the user cannot choose to show account details on the sign-in screen. If you disable or do not configure this policy setting, the user may choose to sho ...
oval:org.secpod.oval:def:81233 This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account. Note this does not affect the availability of user input methods on the lock screen or with t ...
oval:org.secpod.oval:def:81207 This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysi ...
oval:org.secpod.oval:def:81206 This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download fo ...
oval:org.secpod.oval:def:81205 Specifies that link local multicast name resolution (LLMNR) is disabled on client computers. LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet ...
oval:org.secpod.oval:def:81204 Specifies if the DNS client will perform name resolution over DNS over HTTPS (DoH). By default, the DNS client will do classic DNS name resolution (over UDP or TCP). This setting can enhance the DNS client to use DoH protocol to resolve domain names. To use this policy setting, click Enabled, and ...
oval:org.secpod.oval:def:81209 This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing. If you enable this settin ...
oval:org.secpod.oval:def:81208 This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ...
oval:org.secpod.oval:def:81203 Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. Fix: (1) GPO: Computer Configuration\Administrative Templates\Control Panel\Allow Online Tips (2) REG: HKEY_LOCAL_ ...
oval:org.secpod.oval:def:81202 This policy setting allows you to restrict remote RPC connections to SAM. The recommended state for this setting is: Administrators: Remote Access: Allow. Note: A Windows 10 R1607, Server 2016 or newer OS is required to access and set this value in Group Policy. Note 2: If your organiza ...
oval:org.secpod.oval:def:81201 This policy setting determines whether the minimum password length setting can be increased beyond the legacy limit of 14 characters. The recommended state for this setting is: Enabled. Note: This setting only affects local accounts on the computer. Domain accounts are only affected by se ...
oval:org.secpod.oval:def:81200 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. The recommended state ...
oval:org.secpod.oval:def:80777 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not pr ...
oval:org.secpod.oval:def:80778 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Counter Measure: Configure this policy setting to Yes. Potential Impa ...
oval:org.secpod.oval:def:80775 This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Counter Measure: Disable this setting to override firewall rules created locally by administrators. Potential Impact: If you co ...
oval:org.secpod.oval:def:80776 This policy setting allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives. Secure Boot ensures that the PC's pre-boot environment only loads firmware that is digitally signed by authorized software publishers. Secure ...
oval:org.secpod.oval:def:80779 This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. If you enable or do not configure this setting, the antimalware service will load as a normal priority task. If you di ...
oval:org.secpod.oval:def:80770 This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication request ...
oval:org.secpod.oval:def:80773 This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Counter Measure: Disable this setting to override firewall rules created locally by administrators. Potential Impac ...
oval:org.secpod.oval:def:80774 This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. Counter Measure: Disable this setting to prevent the client from receiving unicast responses. Potential Impact: If you enable this setting and thi ...
oval:org.secpod.oval:def:80771 MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds Counter Measure: Configure the MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended) entry to a value of 300000 or 5 minutes. The possible values for this registry entry ...
oval:org.secpod.oval:def:80772 This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to requi ...
oval:org.secpod.oval:def:80766 Enabling this security option makes the Recovery Console SET command available, which allows you to set the following Recovery Console environment variables: AllowWildCards: Enable wildcard support for some commands (such as the DEL command). AllowAllPaths: Allow access to all files and folders on ...
oval:org.secpod.oval:def:80767 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Counter Measure: Configure this policy setting to Yes. Poten ...
oval:org.secpod.oval:def:80764 If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled Counter Measure: ...
oval:org.secpod.oval:def:80765 The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that appropriate recovery password backup policies are enabled. This security setting determines the number of failed logon attempts that causes the machine to be locke ...
oval:org.secpod.oval:def:80768 This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not conf ...
oval:org.secpod.oval:def:80769 By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting does not affect other network sharing features. If you disable or do not configure this ...
oval:org.secpod.oval:def:80762 This policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller. This policy does not affect interactive logon to this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Block events are recorded on this computer in ...
oval:org.secpod.oval:def:80763 This policy setting allows you to specify the search server that Windows uses to find updates for device drivers. If you enable this policy setting, you can select whether Windows searches Windows Update (WU), searches a Managed Server, or a combination of both. Note that if both are spec ...
oval:org.secpod.oval:def:80760 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note: When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notificat ...
oval:org.secpod.oval:def:80761 This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Counter Measure: Disable this setting to override firewall rules created locally by administrators. Potential Impact: If you co ...
oval:org.secpod.oval:def:80799 This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. If this setting is enabled, case insensitivity is enforced for all directory object ...
oval:org.secpod.oval:def:80797 This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...
oval:org.secpod.oval:def:80798 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. Counter Me ...
oval:org.secpod.oval:def:80791 This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. If you enable this policy setting, Windows uses standby states to put the computer in a sleep state. If you disable or do not configure this policy setting, the only slee ...
oval:org.secpod.oval:def:80792 This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Enabled. ...
oval:org.secpod.oval:def:80790 This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channe ...
oval:org.secpod.oval:def:80795 This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy sett ...
oval:org.secpod.oval:def:80796 This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers ...
oval:org.secpod.oval:def:80793 MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes Counter Measure: Configure the MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes entry to a value of Disabled. The possible values for this registry entry are: 1 or 0. The ...
oval:org.secpod.oval:def:80794 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning Counter Measure: Configure the MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning entry to a value of 90. The possibl ...
oval:org.secpod.oval:def:80788 This security setting determines if users private keys require a password to be used. The options are: User input is not required when new keys are stored and used User is prompted when the key is first used User must enter a password each time they use a key For more information, see Public key i ... oval:org.secpod.oval:def:80789 This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services ... oval:org.secpod.oval:def:80786 MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) Counter Measure: Configure the MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) entry to a value of 3. The possib ... oval:org.secpod.oval:def:80787 This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted. If a system is set to always encrypt or sign secure channel data, it cannot establish a secure channel with a domain controller that is not capable of signing or encr ... oval:org.secpod.oval:def:80780 This policy setting controls whether the elevation request prompt is displayed on the interactive users desktop or the secure desktop. The options are: * Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard ... oval:org.secpod.oval:def:80781 This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting, a domain user cant set up or sign in with a picture password. If you disable or dont configure this policy setting, a domain user can set up and use a pi ... 
oval:org.secpod.oval:def:80784 Specifies whether Events.asp hyperlinks are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hot links that activate the Internet browser when clicked. In addition, More Information is placed at the end of the description text if th ... oval:org.secpod.oval:def:80785 This policy setting allows users to enable authentication options that require user input from the pre-boot environment even if the platform indicates lack of pre-boot input capability. The Windows on-screen touch keyboard (such as used by slates) is not available in the pre-boot environment wh ... oval:org.secpod.oval:def:80782 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client. If you enable this policy setting, the WinRM service will accept Basic authentication from a remote client. If you disable or do not configure t ... oval:org.secpod.oval:def:80783 This policy setting allows you to configure IP Stateless Autoconfiguration Limits. If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes. If you disable this polic ... oval:org.secpod.oval:def:80755 This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not de ... oval:org.secpod.oval:def:80756 This policy setting turns off the Windows Location Provider feature for this computer. Counter Measure: Enable this policy setting. Potential Impact: If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be ... 
oval:org.secpod.oval:def:80754 This security setting determines whether 128-bit key strength is required for encrypted secure channel data. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller w ... oval:org.secpod.oval:def:80759 This policy setting determines how far in advance users are warned that their password will expire. Microsoft recommends that you configure this policy setting to 14 days to sufficiently warn users when their passwords will expire. Determines how far in advance (in days) users are warned that their ... oval:org.secpod.oval:def:80757 This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client computer when it establishes a session using the server message block (SMB) protocol. The server message block (SM ... oval:org.secpod.oval:def:80758 This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automat ... oval:org.secpod.oval:def:80818 This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log/Microsoft/Windows/NTLM. Counter ... oval:org.secpod.oval:def:80819 This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: No Action Lock Workstation Force Logoff Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog box fo ... 
oval:org.secpod.oval:def:80816 This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker. The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify ... oval:org.secpod.oval:def:80817 This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery. If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery. If you di ... oval:org.secpod.oval:def:80810 MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) Counter Measure: Configure the MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) entry to a value of Disabled. The po ... oval:org.secpod.oval:def:80811 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Counter Measure: Configure this policy setting to Yes. Poten ... oval:org.secpod.oval:def:80814 MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) Counter Measure: Configure the MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) entry to a value of 0. The possible ... oval:org.secpod.oval:def:80815 This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communicat ... 
oval:org.secpod.oval:def:80812 This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. If you enable thi ... oval:org.secpod.oval:def:80813 MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) Counter Measure: Configure the MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) ent ... oval:org.secpod.oval:def:80807 This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off: Roaming user profiles to which the Delete cached copies of ro ... oval:org.secpod.oval:def:80808 This security setting determines which registry keys can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications ... oval:org.secpod.oval:def:80805 This policy setting allows you to configure definition updates on startup when there is no antimalware engine present. If you enable or do not configure this setting, definition updates will be initiated on startup when there is no antimalware engine present. If you disable this setting, d ... oval:org.secpod.oval:def:80806 MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) Counter Measure: Configure the MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) entry to a value of Highest protection, source routing is compl ... 
oval:org.secpod.oval:def:80809 MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended) Counter Measure: Enable this setting. Potential Impact: Users will need to retype their password each time a dial-up connection is made. Fix: (1) GPO: Computer Configuration\Administrative Templates\M ... oval:org.secpod.oval:def:80800 This policy setting prevents computers from establishing multiple simultaneous connections to either the Internet or to a Windows domain. Counter Measure: Enable this policy setting. Potential Impact: If this policy setting is enabled, when the computer has at least one active connection ... oval:org.secpod.oval:def:80803 This policy setting determines whether the account name of the last user to log on to the client computers in your organization can display in each computer's respective Windows logon screen. If you enable this policy setting, intruders cannot collect account names visually from the screens of deskto ... oval:org.secpod.oval:def:80804 This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not conf ... oval:org.secpod.oval:def:80801 MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) Counter Measure: Configure the MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) entry to a value of Highest protection, source routing is ... oval:org.secpod.oval:def:80802 This security setting determines what additional permissions are granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrat ... 
oval:org.secpod.oval:def:80838 This security setting determines how network logons that use local accounts are authenticated. If this setting is set to Classic, network logons that use local account credentials authenticate by using those credentials. The Classic model allows fine control over access to resources. By using the Cl ... oval:org.secpod.oval:def:80839 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Digest authentication. If you enable this policy setting, the WinRM client will not use Digest authentication. If you disable or do not configure this policy setting, the WinRM client ... oval:org.secpod.oval:def:80832 MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged Counter Measure: Enable and configure this setting. Potential Impact: Incorrect configuration can lead to DoS attacks having a larger effect on the server. Fix: (1) GPO: Comp ... oval:org.secpod.oval:def:80833 This policy setting allows you to configure whether or not to display AM UI to the users. If you enable this setting AM UI won't be available to users. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Users are able to access the ... oval:org.secpod.oval:def:80830 This setting lets you configure how domain joined computers become registered as devices. When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory. Note: Additional requirements may apply on certain Windows SKUs. ... oval:org.secpod.oval:def:80831 MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames Counter Measure: Configure the MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) entry to a value of Enabled. The possible values for th ... 
oval:org.secpod.oval:def:80836 MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) Counter Measure: Configure the MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) entry to a value of Enabled. The possible values for this registry entry are: - 1 or 0. The default configuration for W ... oval:org.secpod.oval:def:80837 This security setting determines whether the SMB client attempts to negotiate SMB packet signing. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ... oval:org.secpod.oval:def:80834 MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) Counter Measure: Do not configure the MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) entry except on highly secure computers, where it should be configured to a value of Disabled. The possible values for this r ... oval:org.secpod.oval:def:80835 MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic Counter Measure: Do not configure the MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) entry except on computers that use IPsec filters, where this entry should be configured t ... oval:org.secpod.oval:def:80829 This security setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable floppy media. If this policy is enabled and no one is logged on interactively, ... oval:org.secpod.oval:def:80827 This security setting determines which registry paths and subpaths can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Even ... 
oval:org.secpod.oval:def:80828 This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications ... oval:org.secpod.oval:def:80821 This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string r ... oval:org.secpod.oval:def:80822 This policy setting allows you to configure definition updates when the computer is running on battery power. If you enable or do not configure this setting, definition updates will occur as usual regardless of power state. If you disable this setting, definition updates will be turned off ... oval:org.secpod.oval:def:80820 This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 prot ... oval:org.secpod.oval:def:80825 Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. If you disable or do not configure this setting, access to the Store application is allowed. Counter Measure: Enable this policy setting. Potential Impact: If ... oval:org.secpod.oval:def:80826 This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconn ... 
oval:org.secpod.oval:def:80823 This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled. If ... oval:org.secpod.oval:def:80824 MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) Counter Measure: Enable this setting. Potential Impact: The automatic detection Fix: (1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (EnableDeadGWDetect) Allow aut ... oval:org.secpod.oval:def:81298 Enable this policy to specify when to receive Feature Updates. Defer Updates | This enables devices to defer taking the next Feature Update available to your channel for up to 14 days for all the pre-release channels and up to 365 days for the Semi-Annual Channel. Or, if the device is updating from ... oval:org.secpod.oval:def:81297 Enable this policy to manage which updates you receive prior to the update being released to the world. Dev Channel Ideal for highly technical users. Insiders in the Dev Channel will receive builds from our active development branch that is earliest in a development cycle. These builds are not matc ... oval:org.secpod.oval:def:81296 This setting allows you to remove access to the "Pause updates" feature. Once enabled, user access to pause updates is removed. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\Remove access to "Pause updates" feature (2) REG: HK ... oval:org.secpod.oval:def:81295 Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. Note: This policy does not apply to Windows RT. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enable ... 
oval:org.secpod.oval:def:81299 Enable this policy to specify when to receive quality updates. You can defer receiving quality updates for up to 30 days. To prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates. The pause will remain in effect for 35 days or until you clea ... oval:org.secpod.oval:def:81272 Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section: - Block: the rule will be applied - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not ac ... oval:org.secpod.oval:def:81271 This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. You can choose to send basic or additional information about detec ... oval:org.secpod.oval:def:81270 This setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. This applies both to existing users of a device ... oval:org.secpod.oval:def:91075 Internet Protocol version 6 (IPv6) is a set of protocols that computers use to exchange information over the Internet and over home and business networks. IPv6 allows for many more IP addresses to be assigned than IPv4 did. Older networking, hosts and operating systems may not support IPv6 natively. ... oval:org.secpod.oval:def:91074 Sets the NetBIOS node type. When WINS servers are used, the default is hybrid (h), otherwise broadcast (b). This policy setting allows you to manage the computer's NetBIOS node type. 
The selected NetBIOS node type determines what methods NetBT will use to register and resolve names. If you enable thi ... oval:org.secpod.oval:def:81265 This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. The recommended state for this setting is: Enabled. By enabling this setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps. If ... oval:org.secpod.oval:def:81264 This policy setting controls whether additional diagnostic logs are collected when more information is needed to troubleshoot a problem on the device. Diagnostic logs are only sent when the device has been configured to send optional diagnostic data. By enabling this policy setting, diagnostic logs ... oval:org.secpod.oval:def:81263 This policy setting controls whether Windows records attempts to connect with the OneSettings service to the EventLog. If you enable this policy, Windows will record attempts to connect with the OneSettings service to the Microsoft\Windows\Privacy-Auditing\Operational EventLog channel. If you disa ... oval:org.secpod.oval:def:81262 This policy setting controls whether Windows attempts to connect with the OneSettings service. If you enable this policy, Windows will not attempt to connect with the OneSettings Service. If you disable or don't configure this policy setting, Windows will periodically attempt to connect with the O ... oval:org.secpod.oval:def:81269 This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Messaging\Allow Message Service Cloud Sync (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Messa ... oval:org.secpod.oval:def:81268 This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. 
If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3). If you disable or do not configure this ... oval:org.secpod.oval:def:81267 This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed ... oval:org.secpod.oval:def:81266 Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. The following list shows the supported values: 0 = HTTP only, no peering. 1 = HTTP blended with peering behind the same NAT. 2 = HTTP blended with peering across a private grou ... oval:org.secpod.oval:def:81261 This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically ... oval:org.secpod.oval:def:81260 AllowCommercialDataPipeline controls whether Microsoft is a processor or controller for Windows diagnostic data collected from this device. If you enable this policy Microsoft will be the processor of Windows diagnostic data collected from the Windows device and the customer will be the controller. ... oval:org.secpod.oval:def:81259 If you turn this policy setting on, local users won't be able to set up and use security questions to reset their passwords. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Prevent the use of security questions for local accounts (2) REG ... 
oval:org.secpod.oval:def:81254 This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLock ... oval:org.secpod.oval:def:81253 This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting t ... oval:org.secpod.oval:def:81252 This policy setting allows you to manage BitLocker's use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading ... oval:org.secpod.oval:def:81251 This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy ... oval:org.secpod.oval:def:81258 This policy setting allows you to require a pin for pairing. If you set this to 'Never', a pin isn't required for pairing. If you set this to 'First Time', the pairing ceremony for new devices will always require a PIN. If you set this to 'Always', all pairings will require PIN. Fix: (1) GPO: ... oval:org.secpod.oval:def:81257 This policy setting lets you turn off cloud optimized content in all Windows experiences. If you enable this policy, Windows experiences that use the cloud optimized content client component, will instead present the default fallback content. 
If you disable or do not configure this policy, Windows ... oval:org.secpod.oval:def:81256 This policy setting allow the use of Camera devices on the machine. If you enable or do not configure this policy setting, Camera devices will be enabled. If you disable this property setting, Camera devices will be disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windo ... oval:org.secpod.oval:def:81255 This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. The recommended state for this setting is: Enabled. Note: Some PCs may not be compatible with this policy if the system firmware enables DMA for newl ... oval:org.secpod.oval:def:81290 This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Win ... oval:org.secpod.oval:def:81294 Prevent users from making changes to the Exploit protection settings area in Windows Security. Enabled: Local users can not make changes in the Exploit protection settings area. Disabled: Local users are allowed to make changes in the Exploit protection settings area. Not configured: Same as D ... oval:org.secpod.oval:def:81293 This policy setting enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox. If you enable this policy setting, networking is done by creating a virtual switch on the host, and connects the Windows Sandbox to it via a virtu ... oval:org.secpod.oval:def:81292 This policy setting enables or disables clipboard sharing with the sandbox. If you enable this policy setting, copy and paste between the host and Windows Sandbox are permitted. 
If you disable this policy setting, copy and paste in and out of Sandbox will be restricted. If you do not configure t ... oval:org.secpod.oval:def:81291 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port. If you enable this policy setting, the WinRM service automatically listens on the network for requests o ... oval:org.secpod.oval:def:91053 This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated only for all objects for all types of access requested. If you configure this policy setting, an audit event is generated each time an account access ... oval:org.secpod.oval:def:91052 This security setting determines whether domain controllers will refuse requests from member computers to change computer account passwords. By default, member computers change their computer account passwords every 30 days. If enabled, the domain controller will refuse computer account password cha ... oval:org.secpod.oval:def:91055 Turns off Windows Defender Real-Time Protection, and no more scans are scheduled.If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software.If you disable or do not configure this policy setting, by default W ... oval:org.secpod.oval:def:91054 This policy setting allows you to audit when plug and play detects an external device. The recommended state for this setting is to include: Success . Note: A Windows 10, Server 2016 or newer OS is required to access and set this value in Group Policy. Fix: (1) GPO: Computer Configuration\ ... oval:org.secpod.oval:def:91057 This policy setting allows you to manage whether or not screen savers run. 
If the Screen Saver setting is disabled screen savers do not run and the screen saver section of the Screen Saver tab in Display in Control Panel is disabled. If this setting is enabled a screen saver will run if the followin ... oval:org.secpod.oval:def:91056 This policy setting lets you control the redirection of location data to the remote computer in a Remote Desktop Services session.By default, Remote Desktop Services allows redirection of location data.If you enable this policy setting, users cannot redirect their location data to the remote compute ... oval:org.secpod.oval:def:91059 This policy setting lets you turn off cloud consumer account state content in all Windows experiences. If you enable this policy, Windows experiences that use the cloud consumer account state content client component, will instead present the default fallback content. If you disable or do not config ... oval:org.secpod.oval:def:91058 This policy setting allows you to configure how domain controllers handle Windows Hello for Business (WHfB) keys that are vulnerable to the Return of Coppersmith attack (ROCA) vulnerability.If you enable this policy setting the following options are supported:Ignore: during authentication the domain ... oval:org.secpod.oval:def:91060 Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Servi ... oval:org.secpod.oval:def:91062 This policy setting allows you to restrict users to a single remote Remote Desktop Services session.If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the ... 
oval:org.secpod.oval:def:91061 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches its m ... oval:org.secpod.oval:def:81287 Allow Windows Ink Workspace Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Ink Workspace\Allow Windows Ink Workspace (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsInkWorkspace!AllowWindowsInkWorkspace oval:org.secpod.oval:def:81286 Allow suggested apps in Windows Ink Workspace Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Ink Workspace\Allow suggested apps in Windows Ink Workspace (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsInkWorkspace!AllowSuggestedAppsInWindo ... oval:org.secpod.oval:def:81285 Denies access to the retail catalog in the Microsoft Store, but displays the private store. If you enable this setting, users will not be able to view the retail catalog in the Microsoft Store, but they will be able to view apps in the private store. If you disable or don't configure this setting, ... oval:org.secpod.oval:def:81284 This policy setting determines whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don't configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to ... oval:org.secpod.oval:def:81289 This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through a ...
oval:org.secpod.oval:def:81288 This policy setting allows Web-based programs to install software on the computer without notifying the user. If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows t ... oval:org.secpod.oval:def:81283 Allow search and Cortana to search cloud sources like OneDrive and SharePoint Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cloud Search (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCloudSearch oval:org.secpod.oval:def:81282 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer. If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download ... oval:org.secpod.oval:def:81281 This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services does not allow redirection of supported Plug and Play and Rem ... oval:org.secpod.oval:def:81280 This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remo ... oval:org.secpod.oval:def:91064 This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1,024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments. If you disable or do not con ... 
oval:org.secpod.oval:def:91063 This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM. If you disable this policy setting, responsiveness even ... oval:org.secpod.oval:def:91065 This policy setting sets the Attack Surface Reduction rules. Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Antiviru ... oval:org.secpod.oval:def:91068 System-wide Structured Exception Handler Overwrite Protection setting Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\EMET\System SEHOP (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings!SEHOP oval:org.secpod.oval:def:91067 This subcategory reports changes in audit policy including SACL changes. Events for this subcategory include: - 4715: The audit policy (SACL) on an object was changed. - 4719: System audit policy was changed. - 4902: The Per-user audit policy table was created. - 4904: An attempt was made to registe ... oval:org.secpod.oval:def:91069 Determines whether users that are not Administrators can install print drivers on this computer. By default, users that are not Administrators can't install print drivers on this computer. If you enable this setting or do not configure it, the system will limit installation of print drivers to Administ ... oval:org.secpod.oval:def:91071 This policy setting controls whether computers will show a warning and a security elevation prompt when users are updating drivers for an existing connection using Point and Print. The recommended state for this setting is: Enabled: Show warning and elevation prompt. Enabling Windows User Account Cont ...
oval:org.secpod.oval:def:91070 This policy setting controls whether computers will show a warning and a security elevation prompt when users create a new printer connection using Point and Print. The recommended state for this setting is: Enabled: Show warning and elevation prompt. Enabling Windows User Account Control (UAC) for th ... oval:org.secpod.oval:def:91073 Disabling this setting disables server-side processing of the SMBv1 protocol. (Recommended.) Enabling this setting enables server-side processing of the SMBv1 protocol. (Default.) Changes to this setting require a reboot to take effect. For more information, see https://support.microsoft.com/kb/2696547 ... oval:org.secpod.oval:def:91072 Configures the SMB v1 client driver's start type. To disable client-side processing of the SMBv1 protocol, select the "Enabled" radio button, then select "Disable driver" from the dropdown. WARNING: DO NOT SELECT THE "DISABLED" RADIO BUTTON UNDER ANY CIRCUMSTANCES! For Windows 7 and Servers 2008, 2008R ... oval:org.secpod.oval:def:81276 This policy setting turns off real-time protection prompts for known malware detection. Microsoft Defender Antivirus alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer. If you enable this policy setting, Microsoft Defender Antivirus wil ... oval:org.secpod.oval:def:81275 Enable or disable file hash computation feature. Enabled: When this feature is enabled Microsoft Defender will compute hash value for files it scans. Disabled: File hash value is not computed Not configured: Same as Disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Win ... oval:org.secpod.oval:def:81274 Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.
Enabled: Specify the mode in the Options section: -Blo ... oval:org.secpod.oval:def:81273 Exclude files and paths from Attack Surface Reduction (ASR) rules. Enabled: Specify the folders or files and resources that should be excluded from ASR rules in the Options section. Enter each rule on a new line as a name-value pair: - Name column: Enter a folder path or a fully qualified resource ... oval:org.secpod.oval:def:81279 If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Push To Install\Turn off Push To Install service (2) REG: HKEY_LOCAL_MACHI ... oval:org.secpod.oval:def:81278 This policy setting allows you to configure whether or not Watson events are sent. If you enable or do not configure this setting, Watson events will be sent. If you disable this setting, Watson events will not be sent. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Com ... oval:org.secpod.oval:def:81277 This policy setting allows you to configure script scanning. If you enable or do not configure this setting, script scanning will be enabled. If you disable this setting, script scanning will be disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microso ... oval:org.secpod.oval:def:81331 This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon at ... oval:org.secpod.oval:def:81330 This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. 
Developers who are debugging new system components will need this user right to be able to do so. This user ri ... oval:org.secpod.oval:def:81332 This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ... oval:org.secpod.oval:def:81305 This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ... oval:org.secpod.oval:def:81304 This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to specify w ... oval:org.secpod.oval:def:81303 This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ... oval:org.secpod.oval:def:81308 Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. Enabled: Specify the mode in the Options section: -Block: Potentially unwanted software ... oval:org.secpod.oval:def:81307 This policy setting allows you to configure the amount of functionality that the shell protocol can have. 
When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only op ... oval:org.secpod.oval:def:81302 This policy setting specifies whether Windows apps can be activated by voice while the system is locked. If you choose the "User is in control" option, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > ... oval:org.secpod.oval:def:81301 This policy setting controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. If you enable this policy setting, users are not gi ... oval:org.secpod.oval:def:81300 This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings di ... oval:org.secpod.oval:def:81328 This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. This policy is supporte ... oval:org.secpod.oval:def:81327 This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen. If this policy is enabled, the name of the last user to successfully log on is not displayed in the Logon Screen. If this policy is disabled, the name of the last ...
oval:org.secpod.oval:def:81326 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. The recommended state ... oval:org.secpod.oval:def:81325 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. The recommended state ... oval:org.secpod.oval:def:81329 This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password co ... oval:org.secpod.oval:def:81320 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. The recommended state ... oval:org.secpod.oval:def:81324 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The recommended state for this setting is: Allow (default) . Fix: (1) GPO: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ... oval:org.secpod.oval:def:81323 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The recommended state for this setting is: Allow (default) . 
Fix: (1) GPO: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ... oval:org.secpod.oval:def:81322 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The recommended state for this setting is: Block (default) . Fix: (1) GPO: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ... oval:org.secpod.oval:def:81321 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The recommended state for this setting is: Block (default) . Fix: (1) GPO: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ... oval:org.secpod.oval:def:81317 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The recommended state for this setting is: Allow (default) . Fix: (1) GPO: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ... oval:org.secpod.oval:def:81316 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The recommended state for this setting is: Block (default) . Fix: (1) GPO: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ... oval:org.secpod.oval:def:81319 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. The recommended state ... oval:org.secpod.oval:def:81318 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. The recommended state ... oval:org.secpod.oval:def:81310 This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Service ... oval:org.secpod.oval:def:80898 This policy setting allows you to manage whether a check for new virus and spyware definitions will occur immediately after service startup. If you enable this setting, a check for new definitions will occur after service startup. If you disable this setting or do not configure this settin ... oval:org.secpod.oval:def:80899 This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation. If you enable this policy setting, you will be able to add additional settings, remove the default settings, or both. If you disable this policy setting, the compu ... oval:org.secpod.oval:def:80896 This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature will be turned off, and all programs on this computer will not be able to use location information from the location feature. If you disable or do not configure thi ... oval:org.secpod.oval:def:80897 Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. If you disable or do not configure this setting the Store application will offer updates to the latest ... oval:org.secpod.oval:def:80890 Dictates whether or not Windows is allowed to use standby states when sleeping the computer. 
When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate. Counter Measure: During hibernat ... oval:org.secpod.oval:def:80891 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. If you disable or do not con ... oval:org.secpod.oval:def:80894 This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box. If you disable or do n ... oval:org.secpod.oval:def:80895 This security setting determines which subsystems can optionally be started up to support your applications. With this security setting, you can specify as many subsystems to support your applications as your environment demands. Default: POSIX. Note: When you configure this setting you specif ... oval:org.secpod.oval:def:80892 This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to requi ... oval:org.secpod.oval:def:80893 This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Counter Measure: Disable this setting to override firewall rules created locally by administrators. Potential Impact: If you co ... oval:org.secpod.oval:def:80887 This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. 
Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. If you disable or do not configure this policy setting, KMS client activation data w ... oval:org.secpod.oval:def:80888 MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) Counter Measure: Do not configure the MSS: (AutoShareWks) Enable Administrative Shares (not recommended except for highly secure environments) entry except on computers in highly secured enviro ... oval:org.secpod.oval:def:80885 This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under Get Insider builds, and enable users to make their devices available for downloading and installing Windows preview software. If you en ... oval:org.secpod.oval:def:80886 Enables management of password for local administrator account. If you enable this setting, local administrator password is managed. If you disable or do not configure this setting, local administrator password is NOT managed. Counter Measure: Enable this setting. Potential Impact: Lo ... oval:org.secpod.oval:def:80889 This entry appears as MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) in the Group Policy Object Editor. This entry causes TCP to adjust retransmission of SYN-ACKs. When you configure this entry, the overhead of incomplete transmissions in a connect request (SYN) attack is ... oval:org.secpod.oval:def:80880 This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you enable this setting, the Remote Desktop Client will use only software decoding. For example, if you have a problem that you suspect may be related to hard ... oval:org.secpod.oval:def:80883 This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's pre ... oval:org.secpod.oval:def:80884 Microsoft Passport for Work is an alternative method for signing into Windows using your Active Directory or Azure Active Directory account that can replace passwords, Smart Cards, and Virtual Smart Cards. If you enable or do not configure this policy setting, the device provisions Microsoft Pa ... oval:org.secpod.oval:def:80881 Enables or disables the automatic download of app updates on PCs running Windows 8. If you enable this setting, the automatic download of app updates is turned off. If you disable this setting, the automatic download of app updates is turned on. If you don't configure this setting, the ... oval:org.secpod.oval:def:80882 This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. Counter Measure: Disable this setting to prevent the client from receiving unicast responses. Potential Impact: If you enable this setting and thi ... oval:org.secpod.oval:def:80854 This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. If you enable this policy s ... oval:org.secpod.oval:def:80855 This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to requi ... oval:org.secpod.oval:def:80852 This policy setting prevents users from adding new Microsoft accounts on this computer.
If you select the Users can't add Microsoft accounts option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain accoun ... oval:org.secpod.oval:def:80853 This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Counter Measure: Disable this setting to override firewall rules created locally by administrators. Potential Impac ... oval:org.secpod.oval:def:80858 Allows or denies development of Windows Store applications and installing them directly from an IDE. If you enable this setting and enable the Allow all trusted apps to install Group Policy, you can develop Windows Store apps and install them directly from an IDE. If you disable or do not ... oval:org.secpod.oval:def:80859 This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x2) Send all samples automatically Counter Measure: Configure this setting depending on you ... oval:org.secpod.oval:def:80856 This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Active session limit drop-down list. Remote Desktop ... oval:org.secpod.oval:def:80857 System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms For the Schannel Security Service Provider (SSP), this security setting disables the weaker Secure Sockets Layer (SSL) protocols and supports only the Transport Layer Security ... oval:org.secpod.oval:def:80850 This policy setting controls whether the computer can download print driver packages over HTTP.
To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP. Counter Measure: Enable this setting to prevent p ... oval:org.secpod.oval:def:80851 Disables help tips that Windows shows to the user. By default, Windows will show the user help tips until the user has successfully completed the scenarios. If this setting is enabled, Windows will not show any help tips to the user. Counter Measure: Configure this setting depending ... oval:org.secpod.oval:def:80849 Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of c ... oval:org.secpod.oval:def:80843 Specifies the period of inactivity before Windows turns off the display. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. If you disable this policy or do not configure it, users can see and c ... oval:org.secpod.oval:def:80844 This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. If you enable this setting, a system restore point will be created. If you disable or do not configure this setting, a system restore point will not be created. Counter Mea ... oval:org.secpod.oval:def:80841 This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ ... 
oval:org.secpod.oval:def:80842 This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. Counter Measure: Configure this policy setting to Enabled to prevent Search Companion from downloading content updates during searches. Potential Impact: ... oval:org.secpod.oval:def:80847 This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not conf ... oval:org.secpod.oval:def:80848 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note: When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notificat ... oval:org.secpod.oval:def:80845 MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments) Counter Measure: Disable this setting. Potential Impact: Remote administrative users may not be able to perform administrative tasks. Fix: (1) GPO: Computer Configuration\Administrati ... oval:org.secpod.oval:def:80846 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers Counter Measure: Configure the MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (Only recommended for servers) entry t ... oval:org.secpod.oval:def:80840 This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. Microsoft recommends that you use this setting, if appropriate to your environment and your orga ... 
oval:org.secpod.oval:def:80876 This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account. If you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account. If you disable or do ... oval:org.secpod.oval:def:80877 This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft. If you enable this policy setting, users will no longer see feedback notifications through the Windows Feedback app. If you disable or do not configure this policy setting, use ... oval:org.secpod.oval:def:80874 This policy setting determines whether users can enable the following WLAN settings: Connect to suggested open hotspots, Connect to networks shared by my contacts, and Enable paid services. Connect to suggested open hotspots enables Windows to automatically connect users to open hotspots it kno ... oval:org.secpod.oval:def:80875 This policy setting prevents Windows Tips from being shown to users. If you enable this policy setting, users will no longer see Windows tips. If you disable or do not configure this policy setting, users may see contextual popups explaining how to use Windows. Microsoft uses diagnostic an ... oval:org.secpod.oval:def:80878 Enables or disables the automatic download and update of map data. If you enable this setting the automatic download and update of map data is turned off. If you disable this setting the automatic download and update of map data is turned on. If you don't configure this setting the aut ... oval:org.secpod.oval:def:80879 This setting specifies the number of past PINs that can be associated to a user account that can't be reused. This policy enables administrators to enhance security by ensuring that old PINs are not reused continually. PIN history is not preserved through PIN reset. The value must be between 0 t ...
oval:org.secpod.oval:def:80872 This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods. When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method. If this policy setting is disabled or is ... oval:org.secpod.oval:def:80873 This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional. Conversely it means that Push Button is NOT allowed. If this policy setting is disabled or is not configured, by default Pu ... oval:org.secpod.oval:def:80870 This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI cant be in lockdown mode). If you enable this setting AM UI wont show reboot notifications. Counter Measure: Configure this setting depending on your organizations requirements. Potential ... oval:org.secpod.oval:def:80871 Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off. Counter Measure: Configure this setting depending on your organizations requirements. Potential Impact: Automatic exclusions are delivered to Windows Server 2016. Fix: (1) GPO: Compu ... oval:org.secpod.oval:def:80865 This policy setting lets you configure Protected Event Logging. If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Me ... oval:org.secpod.oval:def:80866 Prevent users app data from moving to another location when an app is moved or installed on another location. If you enable this setting, all users app data will stay on the system volume, regardless of where the app is installed. If you disable or do not configure this setting, then when a ... 
oval:org.secpod.oval:def:80863 Manages a Windows apps ability to share data between users who have installed the app. If you enable this policy, a Windows app can share app data with other instances of that app. Data is shared through the SharedLocal folder. This folder is available through the Windows.Storage API. If yo ... oval:org.secpod.oval:def:80864 This policy setting controls whether Windows Store apps with Windows Runtime API access directly from web content can be launched. If you enable this policy setting, Windows Store apps with Windows Runtime API access directly from web content cannot be launched; Windows Store apps without Windo ... oval:org.secpod.oval:def:80869 Minimum PIN length configures the minimum number of characters required for the work PIN. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, which ... oval:org.secpod.oval:def:80867 This policy setting specifies whether search and Cortana can provide location aware search and Cortana results. If this is enabled, search and Cortana can access location information. Counter Measure: Configure this setting depending on your organizations requirements. Potential Impact: ... oval:org.secpod.oval:def:80868 This policy setting determines the cipher suites used by the SMB server. If you enable this policy setting, cipher suites are prioritized in the order specified. If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure ... oval:org.secpod.oval:def:80861 When you enable this setting, planned password expiration longer than password age dictated by Password Settings policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy. When you disable or not configure this se ... 
oval:org.secpod.oval:def:80862 This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line) If you disable or do not configure this policy setting, the default ECC curve ... oval:org.secpod.oval:def:80860 This policy enables the automatic learning component of input personalization that includes speech, inking, and typing. Automatic learning enables the collection of speech and handwriting patterns, typing history, contacts, and recent calendar information. It is required for the use of Cortana ... oval:org.secpod.oval:def:95793 Windows DNS Spoofing Vulnerability oval:org.secpod.oval:def:84847 Active Directory Certificate Services Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain domain administrator privileges. oval:org.secpod.oval:def:82679 Windows Network File System Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). This vulnerability is only exploitable for sys ... oval:org.secpod.oval:def:82645 HTTP.sys Denial of Service Vulnerability oval:org.secpod.oval:def:83878 The host is missing a critical security update for KB5017316 oval:org.secpod.oval:def:83840 Remote Procedure Call Runtime Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. An unauthenticated attacker on local networks could spoof their IP add ... oval:org.secpod.oval:def:83826 Windows Kerberos Elevation of Privilege Vulnerability. 
An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session ke ... oval:org.secpod.oval:def:83828 Windows DNS Server Denial of Service Vulnerability oval:org.secpod.oval:def:83825 Windows Kerberos Elevation of Privilege Vulnerability. An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session ke ... oval:org.secpod.oval:def:83820 Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability. An attacker who successfully exploited this could bypass the Network Device Enrollment (NDES) Services' cryptographic service provider. oval:org.secpod.oval:def:81536 Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Systems running Windows Server that have the optional component ... oval:org.secpod.oval:def:81518 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79970 Windows Clustered Shared Volume Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:79972 Windows Clustered Shared Volume Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. 
An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:79973 Windows Clustered Shared Volume Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:79964 Windows Failover Cluster Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:79963 Windows Network File System Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). oval:org.secpod.oval:def:79986 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:79981 Windows Clustered Shared Volume Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:79985 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:79978 Windows Clustered Shared Volume Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. 
oval:org.secpod.oval:def:79979 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78844 The host is missing an important security update KB5012604 oval:org.secpod.oval:def:79966 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:79912 Storage Spaces Direct Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. oval:org.secpod.oval:def:79913 Storage Spaces Direct Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:79914 Storage Spaces Direct Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
oval:org.secpod.oval:def:80000 The host is missing a critical security update for KB5013944 oval:org.secpod.oval:def:78839 The host is missing an important security update for KB5012123 oval:org.secpod.oval:def:77157 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77074 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75828 Active Directory Domain Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75825 Active Directory Domain Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75835 Active Directory Domain Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75833 Active Directory Domain Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75350 Windows AD FS Security Feature Bypass Vulnerability. This vulnerability could allow an attacker to bypass ADFS BannedIPList entries for WS-Trust workflows. oval:org.secpod.oval:def:75355 Active Directory Federation Server Spoofing Vulnerability. The ADFS (Active Directory Federation Services) services are vulnerable during the logout redirect request to cross-site scripting of the post logout redirect URI. An attacker who successfully exploited this vulnerability could leave an appl ... oval:org.secpod.oval:def:75305 Windows DNS Server Remote Code Execution Vulnerability. This vulnerability is only exploitable if the server is configured to be a DNS server. oval:org.secpod.oval:def:75318 Active Directory Security Feature Bypass Vulnerability. This vulnerability could allow an attacker to bypass Active Directory domain permissions for Key Admins groups. oval:org.secpod.oval:def:77685 The host is missing an important security update for KB5010354 oval:org.secpod.oval:def:85428 Windows Kerberos Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges. 
An authenticated attacker could leverage cryptographic protocol vulnerabilities in Windows Kerberos. If the attacker gains control on the service that ... oval:org.secpod.oval:def:75317 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:78763 Windows Hyper-V Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack V ... oval:org.secpod.oval:def:75323 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:86762 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system. oval:org.secpod.oval:def:75304 Windows Bind Filter Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75319 Microsoft DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78772 Windows Desktop Bridge Elevation of Privilege Vulnerability oval:org.secpod.oval:def:83848 HTTP V3 Denial of Service Vulnerability. A prerequisite for a server to be vulnerable is that the binding has HTTP/3 enabled and the server uses buffered I/O. oval:org.secpod.oval:def:84809 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability oval:org.secpod.oval:def:89003 Windows Secure Channel Denial of Service Vulnerability. 
Only those devices running TLS 1.3 are affected. oval:org.secpod.oval:def:89004 Windows Secure Channel Denial of Service Vulnerability. Only those devices running TLS 1.3 are affected. oval:org.secpod.oval:def:79907 Remote Desktop Client Remote Code Execution Vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user. oval:org.secpod.oval:def:79915 Remote Desktop Protocol Client Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:85441 Windows Bind Filter Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain administrator privileges. oval:org.secpod.oval:def:77160 Windows Defender Credential Guard Security Feature Bypass Vulnerability oval:org.secpod.oval:def:79953 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78765 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability would allow a Hyper-V guest to affect the functionality of the Hyper-V host. oval:org.secpod.oval:def:78077 Windows SMBv3 Client/Server Remote Code Execution Vulnerability. Unauthenticated attackers are not able to exploit this vulnerability. oval:org.secpod.oval:def:75294 Windows Hyper-V Remote Code Execution Vulnerability. For successful exploitation, this vulnerability could allow a malicious guest VM to read kernel memory in the host. To trigger this vulnerability the guest VM requires a memory allocation error to first occur on the guest VM. This bug could be use ... 
oval:org.secpod.oval:def:78806 DiskUsage.exe Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially c ... oval:org.secpod.oval:def:82676 Windows Defender Credential Guard Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could access Kerberos protected data. oval:org.secpod.oval:def:78764 Windows Hyper-V Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. The word Remote in the title refers to the location of the attack ... oval:org.secpod.oval:def:77648 Windows DNS Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:81920 Windows Server Service Tampering Vulnerability. For successful exploitation, a malicious certificate needs to be imported on an affected system. An authenticated attacker could remotely upload a certificate to the Server service. oval:org.secpod.oval:def:75315 Windows Desktop Bridge Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76088 Windows 10 Update Assistant Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:82972 Windows Defender Credential Guard Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:82971 Windows Defender Credential Guard Security Feature Bypass Vulnerability. A remote authenticated attacker can gain elevated privileges on the target system. 
oval:org.secpod.oval:def:75299 Windows Hyper-V Remote Code Execution Vulnerability oval:org.secpod.oval:def:75298 Windows Installer Spoofing Vulnerability oval:org.secpod.oval:def:75297 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75296 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75295 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75293 Windows Print Spooler Spoofing Vulnerability oval:org.secpod.oval:def:75292 Windows TCP/IP Denial of Service Vulnerability oval:org.secpod.oval:def:75291 An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an IOCTL parameter, which could lead to an out-of-bounds buffer writ ... oval:org.secpod.oval:def:75306 DirectX Graphics Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75303 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75302 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75301 Windows Nearby Sharing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75300 Windows NAT Denial of Service Vulnerability oval:org.secpod.oval:def:75349 Windows Fast FAT File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75348 Windows exFAT File System Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. 
oval:org.secpod.oval:def:75347 Windows Fast FAT File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75346 Windows HTTP.sys Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75345 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability oval:org.secpod.oval:def:75344 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability oval:org.secpod.oval:def:75354 Windows AppX Deployment Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75352 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75351 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability. This vulnerability could allow an attacker to bypass Extended Protection for Authentication provided by SPN target name validation. oval:org.secpod.oval:def:75343 Windows Text Shaping Remote Code Execution Vulnerability oval:org.secpod.oval:def:75309 Storage Spaces Controller Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75308 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75307 Windows AppContainer Elevation Of Privilege Vulnerability oval:org.secpod.oval:def:75310 Storage Spaces Controller Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75322 Storage Spaces Controller Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75314 Windows Print Spooler Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:75311 Storage Spaces Controller Elevation of Privilege Vulnerability. An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an I ... oval:org.secpod.oval:def:75321 Windows MSHTML Platform Remote Code Execution Vulnerability. While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. Th ... oval:org.secpod.oval:def:75320 Windows Graphics Component Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to ... oval:org.secpod.oval:def:75822 Microsoft COM for Windows Remote Code Execution Vulnerability. An authorized attacker could exploit this Windows COM vulnerability by sending from a user mode application specially crafted malicious COM traffic directed at the COM Server, which might lead to remote code execution. oval:org.secpod.oval:def:77087 Windows Hyper-V Security Feature Bypass Vulnerability. This bypass could affect any Hyper-V configurations that are using Router Guard. Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router path ... oval:org.secpod.oval:def:77083 Windows Hyper-V Security Feature Bypass Vulnerability. This bypass could affect any Hyper-V configurations that are using Router Guard. 
Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router path ... oval:org.secpod.oval:def:77060 Windows Hyper-V Denial of Service Vulnerability oval:org.secpod.oval:def:78049 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:77180 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:77654 Windows Hyper-V Remote Code Execution Vulnerability. In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment. In this case, in order to execute a succe ... oval:org.secpod.oval:def:77663 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Successful exploitation of this vulnerability would allow a Hyper-V guest to affect the functionalit ... oval:org.secpod.oval:def:78762 Windows Hyper-V Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack V ... oval:org.secpod.oval:def:78757 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:79954 Windows Hyper-V Security Feature Bypass Vulnerability. This Hyper-V vulnerability relates to a Virtual Machine Switch with virtual networking in Hyper-V Network Virtualization (HNV). It might be possible to bypass extended ACLs and other Windows security feature checks. Successful exploitation of th ... 
oval:org.secpod.oval:def:78785 Windows Hyper-V Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack V ... oval:org.secpod.oval:def:83850 Windows Enterprise App Management Service Remote Code Execution Vulnerability. The Enterprise App Management service exposes a COM class that could allow an authenticated attacker to install arbitrary SYSTEM services that run with SYSTEM privileges, which could result in remote code execution. oval:org.secpod.oval:def:90361 Windows Remote Desktop Security Feature Bypass Vulnerability. An attacker must send the user a malicious file and convince the user to open said file. An attacker who successfully exploited this vulnerability could bypass certificate validation during a remote desktop connection by creating a validl ... oval:org.secpod.oval:def:77099 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77098 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77097 Remote Procedure Call Runtime Remote Code Execution Vulnerability. An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. 
oval:org.secpod.oval:def:77096 Windows User Profile Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77095 DirectX Graphics Kernel File Denial of Service Vulnerability oval:org.secpod.oval:def:77094 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77093 Windows GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:77092 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. A local, authenticated attacker could gain elevated privileges through a vulnerable file system component. oval:org.secpod.oval:def:77090 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77089 HTTP Protocol Stack Remote Code Execution Vulnerability. In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. oval:org.secpod.oval:def:77088 Windows Defender Application Control Security Feature Bypass Vulnerability oval:org.secpod.oval:def:77086 Windows GDI Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:77085 Windows GDI Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77081 DirectX Graphics Kernel Remote Code Execution Vulnerability oval:org.secpod.oval:def:77080 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77059 Windows Certificate Spoofing Vulnerability. A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked ... 
oval:org.secpod.oval:def:77058 Microsoft Cryptographic Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77057 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77079 Windows User Profile Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77078 Remote Desktop Protocol Remote Code Execution Vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents. oval:org.secpod.oval:def:77077 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77075 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77073 Win32k Elevation of Privilege Vulnerability. A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. oval:org.secpod.oval:def:77072 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77071 Windows GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:77070 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77069 Storage Spaces Controller Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. 
An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:77068 Win32k Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:77067 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77066 Connected Devices Platform Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77065 Windows Accounts Control Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77064 Windows Bind Filter Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77063 Active Directory Domain Services Elevation of Privilege Vulnerability. This update resolves an elevation of privilege vulnerability specific to Active Directory Domain Services environments with incoming trusts. Prior to this update, an attacker could elevate privileges across the trust boundary und ... oval:org.secpod.oval:def:77062 Remote Desktop Client Remote Code Execution Vulnerability. An authenticated user might be tricked into connecting to a malicious remote desktop server in which the remote desktop host server sends a specially crafted PDU (Server RDP Preconnection) targeting the remote client's drive redirection virt ... oval:org.secpod.oval:def:77061 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:77101 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. 
This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77100 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:78050 Media Foundation Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:78051 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:78052 Media Foundation Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:78053 Point-to-Point Tunneling Protocol Denial of Service Vulnerability oval:org.secpod.oval:def:78054 Windows Common Log File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:78055 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78056 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78057 Remote Desktop Client Remote Code Execution Vulnerability. 
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:77159 Windows Kerberos Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to a domain admin. oval:org.secpod.oval:def:77161 Workstation Service Remote Protocol Security Feature Bypass Vulnerability oval:org.secpod.oval:def:77128 Windows Cleanup Manager Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:77127 Windows Devices Human Interface Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77126 Windows Geolocation Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:77136 Windows DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77135 Windows IKE Extension Remote Code Execution Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated. oval:org.secpod.oval:def:77134 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77133 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. 
oval:org.secpod.oval:def:77131 Virtual Machine IDE Drive Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77149 Windows Storage Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77148 Windows Security Center API Remote Code Execution Vulnerability oval:org.secpod.oval:def:77158 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass oval:org.secpod.oval:def:77156 Windows DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77155 Windows DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77154 Secure Boot Security Feature Bypass Vulnerability oval:org.secpod.oval:def:77153 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77152 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77151 Windows Modern Execution Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:77150 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. 
oval:org.secpod.oval:def:77139 Windows Application Model Core API Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77138 Task Flow Data Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77137 Windows AppContracts API Server Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77147 Tile Data Repository Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77146 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77145 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77144 Clipboard User Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77143 Windows Push Notifications Apps Elevation Of Privilege Vulnerability oval:org.secpod.oval:def:77142 Windows System Launcher Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77141 Windows UI Immersive Server API Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77140 Windows StateRepository API Server file Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77104 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77103 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77102 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. 
To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. This vulnerability can also be exploited through a Local attack vector. An attacker authentica ... oval:org.secpod.oval:def:77649 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:77647 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77646 Roaming Security Rights Management Services Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:77645 Windows Runtime Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:77653 Windows DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77652 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a us ... oval:org.secpod.oval:def:77651 Windows Mobile Device Management Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:77650 Windows Kernel Elevation of Privilege Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. In this case, a successful attack could be performed from a low privilege AppContainer. The atta ... oval:org.secpod.oval:def:77666 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77665 Windows Print Spooler Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:77659 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77658 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77657 Windows Common Log File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:77656 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. 
oval:org.secpod.oval:def:77664 Named Pipe File System Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77662 Windows Common Log File System Driver Denial of Service Vulnerability oval:org.secpod.oval:def:77661 Windows User Account Profile Picture Denial of Service Vulnerability oval:org.secpod.oval:def:77660 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78732 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78733 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78734 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78735 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78736 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78737 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78738 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78739 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78730 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78731 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78721 Windows SMB Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially cra ... oval:org.secpod.oval:def:78722 Win32 Stream Enumeration Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this ... 
oval:org.secpod.oval:def:78724 Windows Server Service Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this sp ... oval:org.secpod.oval:def:78725 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78726 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78727 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78728 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78755 Windows LDAP Denial of Service Vulnerability oval:org.secpod.oval:def:78756 Windows LDAP Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. oval:org.secpod.oval:def:78753 Windows DNS Server Remote Code Execution Vulnerability oval:org.secpod.oval:def:78720 Local Security Authority (LSA) Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78716 Win32 Stream Enumeration Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this ... oval:org.secpod.oval:def:78717 Win32 File Enumeration Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this sp ... oval:org.secpod.oval:def:78718 Windows Local Security Authority (LSA) Remote Code Execution Vulnerability. 
In order to exploit this vulnerability the attacker is required to be a local user with a smart card or already logged on remotely through RDP to the remote machine. The authorized attacker could then exploit this Windows LS ... oval:org.secpod.oval:def:78719 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode proce ... oval:org.secpod.oval:def:78780 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78781 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78782 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same pe ... oval:org.secpod.oval:def:78783 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78784 Remote Desktop Protocol Remote Code Execution Vulnerability oval:org.secpod.oval:def:78776 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same pe ... oval:org.secpod.oval:def:78777 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78778 Windows Direct Show - Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). 
The attack itself is carried out locally. For example, when the score indicates that the At ... oval:org.secpod.oval:def:78779 Windows iSCSI Target Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:78771 Windows Kerberos Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78775 Windows Network File System Remote Code Execution Vulnerability. This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. An attacker could send a specially crafted NFS protocol network message to a vulnerable Windows m ... oval:org.secpod.oval:def:78766 Windows Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78767 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78768 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78769 Windows Kernel Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content. oval:org.secpod.oval:def:78788 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78789 Windows Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78060 Windows DWM Core Library Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
oval:org.secpod.oval:def:78061 Windows Inking COM Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78062 Windows DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78063 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78064 Windows Event Tracing Remote Code Execution Vulnerability. An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. The authenticated attacker could potentially take advantage of this vulnerability to execute malicious code through the Event Log's Remote ... oval:org.secpod.oval:def:78065 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78066 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode proce ... oval:org.secpod.oval:def:78067 Windows NT OS Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78068 Windows PDEV Elevation of Privilege Vulnerability. A Windows PDEV is a logical representation of the physical device. It is characterized by the type of hardware, logical address, and surfaces that can be supported. As an example of a driver supporting a PDEV characterized by the type of hardware, o ... oval:org.secpod.oval:def:78069 Windows Security Support Provider Interface Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78058 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78059 Windows ALPC Elevation of Privilege Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78071 Windows Fax and Scan Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78072 Tablet Windows User Interface Application Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78073 Windows HTML Platforms Security Feature Bypass Vulnerability oval:org.secpod.oval:def:78074 Remote Desktop Protocol Client Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:78075 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78076 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79950 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79951 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same pe ... oval:org.secpod.oval:def:79952 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution ... oval:org.secpod.oval:def:79947 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution ... oval:org.secpod.oval:def:79948 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79949 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79936 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:79971 Windows WLAN AutoConfig Service Denial of Service Vulnerability. This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would includ ... oval:org.secpod.oval:def:79965 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79967 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79968 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user import a specially crafted contact record and send it a FAX. oval:org.secpod.oval:def:79960 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79961 Windows WLAN AutoConfig Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79962 Windows Server Service Information Disclosure Vulnerability. 
The Windows Server Service is frequently referred to as LanmanServer, and is responsible for making printer and file sharing possible within a Windows powered network. The presence of specific file names and users can be confirmed over the ... oval:org.secpod.oval:def:79955 Active Directory Domain Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79956 Windows LSA Spoofing Vulnerability. An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it. oval:org.secpod.oval:def:79957 Windows Address Book Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. Exploitation of the vulnerability requires that a ... oval:org.secpod.oval:def:79958 Windows Graphics Component Remote Code Execution Vulnerability. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType ... oval:org.secpod.oval:def:79959 Windows NTFS Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content. oval:org.secpod.oval:def:79905 Windows LDAP Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. oval:org.secpod.oval:def:79906 Windows PlayToManager Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
oval:org.secpod.oval:def:79909 Windows Authentication Security Feature Bypass Vulnerability oval:org.secpod.oval:def:79920 Windows Push Notifications Apps Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:79921 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:79922 Windows LDAP Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller. oval:org.secpod.oval:def:79923 Windows LDAP Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller. oval:org.secpod.oval:def:79924 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79925 Windows Print Spooler Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:79910 Windows Remote Access Connection Manager Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressin ... oval:org.secpod.oval:def:79911 Windows Kerberos Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. 
oval:org.secpod.oval:def:79916 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79919 Windows Print Spooler Information Disclosure Vulnerability oval:org.secpod.oval:def:78799 PowerShell Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78790 Windows Kerberos Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78791 Windows Kerberos Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack ... oval:org.secpod.oval:def:78792 Windows DWM Core Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78793 Windows Digital Media Receiver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78794 Windows AppX Package Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78795 Windows Telephony Server Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78810 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:78811 Windows Fax Compose Form Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user employ a specially crafted malicious contact record to send a FAX. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted contact re ... oval:org.secpod.oval:def:78812 Windows Fax Compose Form Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user employ a specially crafted malicious contact record to send a FAX. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted contact re ... oval:org.secpod.oval:def:78813 Windows Fax Compose Form Remote Code Execution Vulnerability. 
Exploitation of the vulnerability requires that a user employ a specially crafted malicious contact record to send a FAX. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted contact re ... oval:org.secpod.oval:def:78814 Windows Graphics Component Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:78815 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78816 Windows Network File System Remote Code Execution Vulnerability. This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. An attacker could send a specially crafted NFS protocol network message to a vulnerable Windows m ... oval:org.secpod.oval:def:78800 Windows Work Folder Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78801 Windows File Explorer Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78802 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:78803 Windows File Server Resource Management Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78804 Windows File Server Resource Management Service Elevation of Privilege Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78805 Windows Bluetooth Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78807 Windows Graphics Component Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that t ... oval:org.secpod.oval:def:78808 Windows User Profile Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78809 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79974 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:81899 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81898 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81892 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open ... oval:org.secpod.oval:def:81891 Windows Print Spooler Elevation of Privilege Vulnerability. 
An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:81890 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Successful exploitation of th ... oval:org.secpod.oval:def:81895 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open ... oval:org.secpod.oval:def:81894 Windows CSRSS Elevation of Privilege Vulnerability. A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. Because the AppContainer environment is considered a defensible security boundary, any process th ... oval:org.secpod.oval:def:81893 Windows Internet Information Services Cachuri Module Denial of Service Vulnerability oval:org.secpod.oval:def:79980 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79982 Windows LDAP Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server to ga ... oval:org.secpod.oval:def:79983 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79984 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
oval:org.secpod.oval:def:79975 Windows LDAP Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller. oval:org.secpod.oval:def:79976 Windows LDAP Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. This vulnerability is only exploitable if the MaxRece ... oval:org.secpod.oval:def:81908 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:81907 Windows CSRSS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81906 Windows.Devices.Picker.dll Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81905 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating system ... oval:org.secpod.oval:def:81909 Windows CSRSS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81900 Remote Procedure Call Runtime Remote Code Execution Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. oval:org.secpod.oval:def:81903 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81902 Internet Information Services Dynamic Compression Module Denial of Service Vulnerability. While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker can force a bad response to be cached into a regu ... oval:org.secpod.oval:def:81911 Windows BitLocker Information Disclosure Vulnerability. An attacker could access unencrypted parts of a BitLocker encrypted storage device if the administrator resizes the OS volume while concurrently provisioning the drive with BitLocker encryption. An attacker who successfully exploited this vulne ... oval:org.secpod.oval:def:81910 Windows Fax Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81913 Windows Group Policy Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Successful exploitation of this vulnerability r ... oval:org.secpod.oval:def:81912 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81540 Windows Kernel Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:81544 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81543 Windows Kerberos Elevation of Privilege Vulnerability. An authenticated attacker could exploit this vulnerability to elevate privileges and then spoof the Kerberos logon process when a remote credential guard connection is made via CredSSP over the network. Systems configured to activate both of the ... oval:org.secpod.oval:def:81542 Kerberos AppContainer Security Feature Bypass Vulnerability. An attacker could bypass the Kerberos service ticketing feature which performs user access control checks. A low privilege attacker could execute a script within an App Container to request a service ticket and thereby gain elevation to t ... oval:org.secpod.oval:def:81537 Windows Kernel Denial of Service Vulnerability. This vulnerability could be exploited if an authenticated user opens a specially crafted file locally or browses to that file on a network share when running an unpatched version of Windows. When the user browses or lists the maliciously crafted file t ... oval:org.secpod.oval:def:81535 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited thi ... oval:org.secpod.oval:def:81534 Windows Network Address Translation (NAT) Denial of Service Vulnerability oval:org.secpod.oval:def:81539 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. 
An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited thi ... oval:org.secpod.oval:def:81538 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81533 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:81532 Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. oval:org.secpod.oval:def:81531 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. An authenticated victim who is connected to the network must be tricked or pe ... oval:org.secpod.oval:def:81530 Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files. oval:org.secpod.oval:def:81526 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. Successful expl ... oval:org.secpod.oval:def:81525 Windows File History Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. 
This vulnerability could be triggered when a Windows client connects to a malicious remote share. oval:org.secpod.oval:def:81524 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. An unauthentica ... oval:org.secpod.oval:def:81523 Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Successful exploitation of this vulnerability requires a user to place a call to trigge ... oval:org.secpod.oval:def:81529 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81528 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. An authenticated victim who is connected to the network must be tricked or pe ... oval:org.secpod.oval:def:81527 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:81522 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. Successful expl ... oval:org.secpod.oval:def:81519 Windows Container Manager Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81929 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. 
On machines with slow or older USB controller hardware, the Group policy might have (silently) failed to apply. On such machines, the attacker can trivially exploit this enforcement failure by attaching a USB storage d ... oval:org.secpod.oval:def:81927 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:81922 Windows Graphics Component Remote Code Execution Vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user. oval:org.secpod.oval:def:81921 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81926 Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could affect the integrity and availability because they could delete privileged registry keys. Confidentiality is not affected by a successful attack, however ... oval:org.secpod.oval:def:81925 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81923 Windows Shell Remote Code Execution Vulnerability. An unauthenticated attacker could interact with the login screen of a vulnerable system in a specific manner to execute code on that system. oval:org.secpod.oval:def:81917 Windows GDI+ Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+. oval:org.secpod.oval:def:81916 Windows IIS Server Elevation of Privilege Vulnerability. An attacker who successfully exploited the vulnerability could bypass authentication on Windows IIS Server. Attackers might be able to post or get information from the Web Service (CVSS metrics C:H/I:H), but would not be able to disrupt the se ... oval:org.secpod.oval:def:81915 Windows Security Account Manager (SAM) Denial of Service Vulnerability oval:org.secpod.oval:def:81914 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81933 Windows Boot Manager Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. Successful exploitation of this vulnerability could allow an attacker to access the pre-boot environment. oval:org.secpod.oval:def:81931 Performance Counters for Windows Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:81930 Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81935 Windows Connected Devices Platform Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. S ... oval:org.secpod.oval:def:81934 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. oval:org.secpod.oval:def:82680 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:82678 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82673 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:82672 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82671 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82670 Windows Defender Credential Guard Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82677 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. 
Exploitation of the vulnerability requires that a user open a specially crafted file: In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and ... oval:org.secpod.oval:def:82675 Windows Defender Credential Guard Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could access Kerberos protected data. oval:org.secpod.oval:def:82674 Windows Defender Credential Guard Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard. oval:org.secpod.oval:def:82669 Windows Defender Credential Guard Information Disclosure Vulnerability. An attacker that successfully exploited this vulnerability could recover plaintext from TLS-protected data. oval:org.secpod.oval:def:82668 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82667 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability oval:org.secpod.oval:def:82662 Windows Kernel Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could bypass KASLR (Kernel Address Space Layout Randomization). Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:82661 Windows WebBrowser Control Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Any authenticated user could trigger this vulnerability. It does not require admin or ... 
oval:org.secpod.oval:def:82660 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. oval:org.secpod.oval:def:82666 Windows Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82664 Active Directory Domain Services Elevation of Privilege Vulnerability. A system is vulnerable only if Active Directory Certificate Services is running on the domain. An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Direc ... oval:org.secpod.oval:def:82663 Windows Fax Service Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:82694 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82693 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82692 Windows Local Security Authority (LSA) Denial of Service Vulnerability oval:org.secpod.oval:def:82691 Windows Kernel Memory Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. 
oval:org.secpod.oval:def:82690 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker must send the user a malicious input file and convince the user to open said input file. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82689 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. The vulnerable system can be exploited without any interaction from any user. oval:org.secpod.oval:def:82684 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An unauthenticated attacker could send a specially crafted connection request to a RA ... oval:org.secpod.oval:def:82683 Windows Digital Media Receiver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82682 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82681 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. oval:org.secpod.oval:def:82688 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. The vulnerable system can be exploited without any interaction from any user. 
oval:org.secpod.oval:def:82686 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82685 Windows Digital Media Receiver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82657 Windows Bluetooth Driver Elevation of Privilege Vulnerability. An authorized local attacker could exploit this Windows Bluetooth driver vulnerability by programmatically running certain functions to arbitrarily gain registry key creation and deletion in the bthport.sys driver. oval:org.secpod.oval:def:82651 Storage Spaces Direct Elevation of Privilege Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:82650 Storage Spaces Direct Elevation of Privilege Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:82655 Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82654 Storage Spaces Direct Elevation of Privilege Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:82653 Storage Spaces Direct Elevation of Privilege Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:82652 Storage Spaces Direct Elevation of Privilege Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:82648 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. 
A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:82647 Windows Kerberos Elevation of Privilege Vulnerability. Exploitation of this vulnerability requires that a user trigger the payload in the application. A domain user could use this vulnerability to elevate privileges to a domain admin. oval:org.secpod.oval:def:82649 Microsoft ATA Port Driver Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:82640 Windows Partition Management Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82644 Windows Partition Management Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82643 CERT/CC: CVE-2022-34303 Crypto Pro Boot Loader Bypass. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:82642 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:82641 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:82700 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82724 The host is missing an important security update for KB5012170 oval:org.secpod.oval:def:84757 Windows Resilient File System Elevation of Privilege. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84750 Windows CryptoAPI Spoofing Vulnerability. An attacker could manipulate an existing public X.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate. oval:org.secpod.oval:def:83849 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83844 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83845 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83846 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83847 Windows Graphics Component Information Disclosure Vulnerability. 
Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user t ... oval:org.secpod.oval:def:83841 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:83842 Windows Event Tracing Denial of Service Vulnerability oval:org.secpod.oval:def:83843 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:83837 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83838 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83839 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83833 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83834 Microsoft ODBC Driver Remote Code Execution Vulnerability. 
An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83836 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83830 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83831 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83832 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:83860 Windows Graphics Component Information Disclosure Vulnerability. 
Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user t ... oval:org.secpod.oval:def:83859 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83855 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:83857 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code exe ... oval:org.secpod.oval:def:83858 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open t ... oval:org.secpod.oval:def:83851 DirectX Graphics Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83852 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83853 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83854 Windows Kernel Elevation of Privilege Vulnerability. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83827 Windows TCP/IP Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine. oval:org.secpod.oval:def:83829 Windows ALPC Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83822 Windows Credential Roaming Service Elevation of Privilege Vulnerability. Exploitation of the vulnerability requires that a user log in to Windows. An attacker who successfully exploited the vulnerability could gain remote interactive logon rights to a machine where the victim's account would not ... oval:org.secpod.oval:def:83823 Windows Secure Channel Denial of Service Vulnerability. An unauthenticated attacker could exploit the vulnerability by sending specially crafted network traffic to the TLS server and could cause it to crash. An attacker who successfully exploited this vulnerability might be able to disclose a single ... oval:org.secpod.oval:def:83824 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:82967 Windows Defender Credential Guard Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:83815 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability. A local authenticated attacker could gain elevated privileges through a vulnerable DFS client, which could allow the attacker to locally execute arbitrary code in the kernel. 
oval:org.secpod.oval:def:82966 Windows Defender Credential Guard Security Feature Bypass Vulnerability. A remote authenticated attacker can gain elevated privileges on the target system. oval:org.secpod.oval:def:83816 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability oval:org.secpod.oval:def:83817 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. oval:org.secpod.oval:def:83818 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. oval:org.secpod.oval:def:83814 Windows Photo Import API Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84763 Web Account Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view unbound refresh tokens issued by one cloud on a different cloud. oval:org.secpod.oval:def:82695 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82699 Windows Print Spooler Elevation of Privilege Vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82698 Windows Defender Credential Guard Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:82697 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability oval:org.secpod.oval:def:82696 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84855 Windows Graphics Component Elevation of Privilege Vulnerability. Successful exploitation could allow an attacker to gain SYSTEM privileges. oval:org.secpod.oval:def:84817 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85497 .NET Framework Information Disclosure Vulnerability oval:org.secpod.oval:def:85429 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85426 AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the la ... oval:org.secpod.oval:def:85443 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85442 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85445 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. 
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:85444 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. oval:org.secpod.oval:def:85440 Windows GDI+ Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could expl ... oval:org.secpod.oval:def:85439 Microsoft DWM Core Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85436 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85435 Windows HTTP.sys Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85437 Windows Group Policy Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted. An attacker who success ... oval:org.secpod.oval:def:85432 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:85434 Windows Kerberos Denial of Service Vulnerability oval:org.secpod.oval:def:85433 Windows Graphics Component Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). 
The attack itself is carried out locally. oval:org.secpod.oval:def:86113 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating systems make th ... oval:org.secpod.oval:def:86115 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86110 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86111 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86107 Windows Projected File System Elevation of Privilege Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86106 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86109 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. A successful attack could be performed from a low privilege AppContainer. The attacker could get unauthorized access t ... oval:org.secpod.oval:def:86108 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:86103 Windows Fax Compose Form Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be runni ... oval:org.secpod.oval:def:86102 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:86105 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:86150 The host is missing a security update for ADV220005 oval:org.secpod.oval:def:86697 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:86750 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by an authenticated attacker through a low complexity attack on a server configured as the domain controller. oval:org.secpod.oval:def:86740 Windows Task Scheduler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:86705 Windows NTLM Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86707 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86737 Remote Procedure Call Runtime Denial of Service Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:87496 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability oval:org.secpod.oval:def:88967 Windows Kernel Denial of Service Vulnerability oval:org.secpod.oval:def:88939 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88954 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:88947 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This vulnerability could be triggered when a user connects a Windows client to a malicious server. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to pre ... oval:org.secpod.oval:def:88115 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88116 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90395 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker convinces a victim to download and open a specially crafted file from a w ... oval:org.secpod.oval:def:90396 .NET Framework Denial of Service Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. 
Successful exploitation allows attackers to cause a denial of service. oval:org.secpod.oval:def:90398 .NET Framework Elevation of Privilege Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to gain administrator privileges. oval:org.secpod.oval:def:90399 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker convinces a victim to download and open a specially crafted file from a w ... oval:org.secpod.oval:def:90354 Windows Kernel Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Successful exploitation of this vulnerability requires an attacker to coordinate an attack with another privileged pr ... oval:org.secpod.oval:def:89017 Windows Group Policy Security Feature Bypass Vulnerability. The vulnerability would only prevent an admin from updating group policies during the time an attacker is performing a specific action; however, it would not prevent an admin from otherwise being able to update the policies. oval:org.secpod.oval:def:89016 Windows Lock Screen Security Feature Bypass Vulnerability. The authentication feature could be bypassed as this vulnerability allows impersonation. oval:org.secpod.oval:def:89010 Windows Boot Manager Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot to run unauthorized code. To be successful the attacker would need either physical access or administrator privileges. oval:org.secpod.oval:def:89007 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability oval:org.secpod.oval:def:89699 Windows Driver Revocation List Security Feature Bypass Vulnerability. 
An attacker who successfully exploited this vulnerability could bypass the revocation list feature by modifying it and therefore impact the integrity of that list. oval:org.secpod.oval:def:89693 Server for NFS Denial of Service Vulnerability oval:org.secpod.oval:def:89692 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:90738 Windows MSHTML Platform Elevation of Privilege Vulnerability. The attacker would gain the rights of the user that is running the affected application. oval:org.secpod.oval:def:90854 Windows Netlogon Information Disclosure Vulnerability. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack. An attacker who successfull ... oval:org.secpod.oval:def:90858 Windows SmartScreen Security Feature Bypass Vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker. The attacker would be able to bypass the Open File - Security Warning prompt. oval:org.secpod.oval:def:93038 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that a user trigger the payload in the application. oval:org.secpod.oval:def:90891 Azure Active Directory Security Feature Bypass Vulnerability. An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device. B ... oval:org.secpod.oval:def:90913 The host is missing an important security update for ADV230002 oval:org.secpod.oval:def:90914 The host is missing a security update for ADV230001 oval:org.secpod.oval:def:93651 Win32k Elevation of Privilege Vulnerability. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93663 Microsoft DirectMusic Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:93631 Windows Mark of the Web Security Feature Bypass Vulnerability. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW taggin ... oval:org.secpod.oval:def:93645 Windows Kernel Elevation of Privilege Vulnerability. An attacker must send the user a malicious input file and convince the user to open said input file. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:93646 Windows Mixed Reality Developer Tools Denial of Service Vulnerability oval:org.secpod.oval:def:93615 Windows MSHTML Platform Remote Code Execution Vulnerability. An attacker could successfully exploit this vulnerability by invoking the PrintHTML API from a locally running application (or by tricking a user into doing so) which could allow the attacker to launch an app via application protocols with ... oval:org.secpod.oval:def:93617 Windows Search Security Feature Bypass Vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker. A security feature bypass vulnerability exists when MapUrlToZone fails to correctly handle certain paths. This could allow an attacker to plant files witho ... oval:org.secpod.oval:def:94456 Windows SmartScreen Security Feature Bypass Vulnerability. The attacker would be able to bypass Windows Defender SmartScreen checks and their associated prompts. 
The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be co ... oval:org.secpod.oval:def:93672 Windows TCP/IP Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the unencrypted contents of IPsec packets from other sessions on a server. oval:org.secpod.oval:def:93673 PrintHTML API Remote Code Execution Vulnerability. An attacker could successfully exploit this vulnerability by invoking the PrintHTML API from a locally running application (or by tricking a user into doing so) which could allow the attacker to launch an app via application protocols without prompt ... oval:org.secpod.oval:def:94454 Mitre: CVE-2023-24023 Bluetooth Vulnerability. CVE-2023-24023 is regarding a vulnerability reported to the Bluetooth Special Interest Group (Bluetooth SIG). MITRE assigned this CVE number on behalf of the Bluetooth organization https://www.bluetooth.com/about-us/vision/. oval:org.secpod.oval:def:88885 Open Source Curl Remote Code Execution Vulnerability. oval:org.secpod.oval:def:81932 HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data. This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The July 2022 Windows Security Updates includes the most recent version of thi ... oval:org.secpod.oval:def:77129 Open Source Curl Remote Code Execution Vulnerability. This CVE is regarding a vulnerability in the curl open source library which is used by Windows. oval:org.secpod.oval:def:77130 Libarchive Remote Code Execution Vulnerability. CVE-2021-36976 is regarding a vulnerability in the libarchive open source library which is used by Windows. The January 2022 Windows Security Updates include the most recent version of this library which addresses the vulnerability and others. 
oval:org.secpod.oval:def:98979 SmartScreen Prompt Security Feature Bypass Vulnerability. A user needs to be tricked into running malicious files. To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown ... oval:org.secpod.oval:def:98969 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98955 Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability oval:org.secpod.oval:def:98864 Windows USB Print Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98949 Windows Defender Credential Guard Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:98852 HTTP.sys Denial of Service Vulnerability oval:org.secpod.oval:def:98941 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98845 Windows DWM Core Library Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:98921 Windows Authentication Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88042 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. 
oval:org.secpod.oval:def:93680 Windows Virtual Trusted Platform Module Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. oval:org.secpod.oval:def:93681 Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability. This vulnerability could lead to a contained execution environment escape. Successful exploitation of this vulnerability would rely upon complex memory shaping techniques to attempt an attack. The attacker must be authent ... oval:org.secpod.oval:def:94482 Windows Hyper-V Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98956 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:98923 Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98922 Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98448 Microsoft ODBC Driver Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to th ... oval:org.secpod.oval:def:98449 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. 
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98444 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98445 Microsoft ODBC Driver Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to th ... oval:org.secpod.oval:def:98446 Microsoft ODBC Driver Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to th ... oval:org.secpod.oval:def:98447 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98451 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98452 Windows Kernel Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view. oval:org.secpod.oval:def:98453 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98454 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view. oval:org.secpod.oval:def:98455 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98456 Windows Kernel Denial of Service Vulnerability oval:org.secpod.oval:def:98460 Windows Standards-Based Storage Management Service Denial of Service Vulnerability oval:org.secpod.oval:def:98426 Windows USB Print Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98427 Windows USB Print Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98428 NTFS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98422 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98424 Microsoft AllJoyn API Denial of Service Vulnerability oval:org.secpod.oval:def:98425 Windows Telephony Server Elevation of Privilege Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could execute code in the security context of the "NT AUTHORITY\Network Service" accoun ... oval:org.secpod.oval:def:98437 Windows Print Spooler Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98439 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98436 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability. A hypervisor-protected code integrity (HVCI) security feature bypass vulnerability could exist when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with HVCI enabled ... oval:org.secpod.oval:def:98441 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98442 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. An administrative user must be convinced to open a malicious COM object like an .rtf file. oval:org.secpod.oval:def:98419 Windows USB Hub Driver Remote Code Execution Vulnerability oval:org.secpod.oval:def:98417 Windows Hyper-V Denial of Service Vulnerability oval:org.secpod.oval:def:98420 Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunit ... oval:org.secpod.oval:def:97971 Trusted Compute Base Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:97982 Windows SmartScreen Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. The vulnerability allows a malici ... oval:org.secpod.oval:def:98004 Internet Shortcut Files Security Feature Bypass Vulnerability. An attacker must send the user a malicious file and convince them to open it. An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker w ... oval:org.secpod.oval:def:96677 Windows Hyper-V Denial of Service Vulnerability. An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability which, if successful, could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host. oval:org.secpod.oval:def:96659 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability. Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. oval:org.secpod.oval:def:96653 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. 
An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. The exploit is only possible wit ... oval:org.secpod.oval:def:96660 Microsoft Bluetooth Driver Spoofing Vulnerability. Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. In order to exploit this vulnerability, the victim must pair with the attacker's Bluetooth device. oval:org.secpod.oval:def:91779 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass the Fast Identity Online (FIDO) secure authentication feature. oval:org.secpod.oval:def:98418 Windows Kerberos Security Feature Bypass Vulnerability. The authentication feature could be bypassed as this vulnerability allows impersonation. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to e ... oval:org.secpod.oval:def:98869 Windows Cryptographic Services Remote Code Execution Vulnerability. For successful exploitation, a malicious certificate needs to be imported on an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authentica ... oval:org.secpod.oval:def:98862 Windows Telephony Server Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98863 Windows Telephony Server Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could create or delete files in the security context of the "NT AUTHORITY\ LOCAL SERVIC ... oval:org.secpod.oval:def:98865 Windows Kerberos Elevation of Privilege Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:98848 DHCP Server Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. oval:org.secpod.oval:def:98849 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:98844 Microsoft Install Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98846 Windows Kerberos Denial of Service Vulnerability oval:org.secpod.oval:def:98847 DHCP Server Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. oval:org.secpod.oval:def:98843 Remote Procedure Call Runtime Remote Code Execution Vulnerability. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host. ... oval:org.secpod.oval:def:98850 DHCP Server Service Denial of Service Vulnerability oval:org.secpod.oval:def:98859 Windows Telephony Server Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:98855 Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98856 Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98857 Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98858 Windows Cryptographic Services Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass RSA signature verification on a vulnerable system. oval:org.secpod.oval:def:98851 DHCP Server Service Denial of Service Vulnerability oval:org.secpod.oval:def:98853 Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98854 Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98860 Windows DNS Server Remote Code Execution Vulnerability. 
In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98861 Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:98916 BitLocker Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. oval:org.secpod.oval:def:98917 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. oval:org.secpod.oval:def:98968 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98962 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:98964 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98970 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98971 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. 
oval:org.secpod.oval:def:98977 Windows Hyper-V Denial of Service Vulnerability oval:org.secpod.oval:def:98978 Windows Distributed File System (DFS) Remote Code Execution Vulnerability. An attacker could exploit a DFS namespace (non-default) out-of-bound write vulnerability that results in heap corruption, which could then be used to perform arbitrary code execution on the server's dfssvc.exe process which r ... oval:org.secpod.oval:def:98972 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98973 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. oval:org.secpod.oval:def:98974 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. An authenticated attacker could exploit this vulnerability with LAN access. An unauthorized attacker must wait for a user to initiate a connection. oval:org.secpod.oval:def:98943 Windows Distributed File System (DFS) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. oval:org.secpod.oval:def:98944 Windows CSC Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98945 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or ... 
oval:org.secpod.oval:def:98946 Proxy Driver Spoofing Vulnerability oval:org.secpod.oval:def:98942 Windows Mobile Hotspot Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Exploitation of the vulnerability requires a user to first turn on the Mobile Hotspot before the attacker sta ... oval:org.secpod.oval:def:98958 Secure Boot Security Feature Bypass Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98959 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. An authenticated attacker could exploit this vulnerability with LAN access. oval:org.secpod.oval:def:98954 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98950 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98951 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98952 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98960 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. 
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitatio ... oval:org.secpod.oval:def:98929 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file. oval:org.secpod.oval:def:98925 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98926 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98927 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. An unauthorized attacker must wait for a user to initiate a connection. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. oval:org.secpod.oval:def:98928 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98924 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98920 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98938 Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially craft ... 
oval:org.secpod.oval:def:98939 Windows File Server Resource Management Service Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit t ... oval:org.secpod.oval:def:98932 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. An unauthorized attacker must wait for a user to initiate a connection. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. oval:org.secpod.oval:def:98934 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. To successfully exploit this vulnerability, the target server must be configured to allow remote activation of the COM object. In addition, the attacker must have sufficient user privileges on that server. Successful exploitation ... oval:org.secpod.oval:def:98935 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98930 Secure Boot Security Feature Bypass Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98931 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. An unauthorized attacker must wait for a user to initiate a connection. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. 
oval:org.secpod.oval:def:94440 ASP.NET Security Feature Bypass Vulnerability. The attacker would be able to bypass the security checks that prevent an attacker from accessing internal applications in a website. oval:org.secpod.oval:def:75363 The host is missing a critical security update for KB5006699 oval:org.secpod.oval:def:77084 Windows Hyper-V Elevation of Privilege Vulnerability. An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability. An attacker who successfully exploited this vulnerability could potentially interact with processes of another Hyper- ... oval:org.secpod.oval:def:77166 The host is missing a critical security update for KB5009555 oval:org.secpod.oval:def:81541 Windows Hyper-V Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code. In this case, a successful attack could be performed from a low p ... oval:org.secpod.oval:def:81904 Windows Hyper-V Information Disclosure Vulnerability. An attacker can gain access to uninitialized buffer information. oval:org.secpod.oval:def:81924 Windows Hyper-V Information Disclosure Vulnerability. The type of information that could be disclosed if a Hyper-V Guest attacker successfully exploited this vulnerability is data from the Hyper-V Host. Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a ... oval:org.secpod.oval:def:82665 Windows Hyper-V Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. An authenticated attacker who successfully exploited a race condition from a Hyper-V guest could attempt to trigger maliciou ... 
oval:org.secpod.oval:def:82713 The host is missing a critical security update for KB5016627 oval:org.secpod.oval:def:82687 Windows Hyper-V Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85430 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. oval:org.secpod.oval:def:85438 Windows Digital Media Receiver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86104 Windows Hyper-V Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86112 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization ... oval:org.secpod.oval:def:86152 The host is missing a critical security update for KB5021249 oval:org.secpod.oval:def:98867 Windows rndismp6.sys Remote Code Execution Vulnerability. An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability. oval:org.secpod.oval:def:98868 Windows rndismp6.sys Remote Code Execution Vulnerability. An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability. oval:org.secpod.oval:def:98866 Windows Kerberos Elevation of Privilege Vulnerability. 
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed i ... oval:org.secpod.oval:def:98976 Secure Boot Security Feature Bypass Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could bypass Secure Boot. An authenticated attacker could exploit this vulnerability with LAN acces ... oval:org.secpod.oval:def:98975 Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. oval:org.secpod.oval:def:98870 Windows Storage Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges. oval:org.secpod.oval:def:93609 HTTP/2 Rapid Reset Attack oval:org.secpod.oval:def:90912 Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules. Trend Micro has released this CVE to address a secure boot bypass. Subsequently Microsoft has released the July Windows security updates to block the vulnerable UEFI modules by using the DBX (UEFI Secure Boot Forbi ... oval:org.secpod.oval:def:77162 Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability oval:org.secpod.oval:def:97950 MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers oval:org.secpod.oval:def:81888 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. 
oval:org.secpod.oval:def:98915 Intel: CVE-2022-0001 Branch History Injection oval:org.secpod.oval:def:75283 Rich Text Edit Control Information Disclosure Vulnerability oval:org.secpod.oval:def:81889 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. oval:org.secpod.oval:def:81946 The host is missing a critical security update for KB5015827 oval:org.secpod.oval:def:81558 The host is missing an important security update for ADV220002 oval:org.secpod.oval:def:91797 AMD: CVE-2023-20569 Return Address Predictor. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows ... oval:org.secpod.oval:def:81515 Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables the mitigation. This CVE is being documente ... oval:org.secpod.oval:def:81514 Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables the mitigation. This CVE is being documented in ... oval:org.secpod.oval:def:81517 Intel: CVE-2022-21166 Device Register Partial Write (DRPW). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables the mitigation. This CVE is being document ... oval:org.secpod.oval:def:81516 Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update). 
The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables the mitigation. Thi ... oval:org.secpod.oval:def:95791 AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest buil ... oval:org.secpod.oval:def:96665 MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow. This is regarding a vulnerability in SQLite. MITRE assigned this CVE number on behalf of the SQLite organization. Microsoft has included the updated library in Windows that addresses this vulnerability. oval:org.secpod.oval:def:74899 Windows SMB Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. oval:org.secpod.oval:def:74898 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space ... 
oval:org.secpod.oval:def:74895 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:74893 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74894 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74888 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74889 Windows Authenticode Spoofing Vulnerability oval:org.secpod.oval:def:74886 Windows Scripting Engine Memory Corruption Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open ... oval:org.secpod.oval:def:74887 Windows Bind Filter Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74891 Windows Installer Denial of Service Vulnerability oval:org.secpod.oval:def:74890 Windows SMB Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. oval:org.secpod.oval:def:74936 The host is missing a critical security update for KB5005575 oval:org.secpod.oval:def:74931 The host is missing a critical security update for KB5005565 oval:org.secpod.oval:def:74916 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74917 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74914 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74915 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74912 Windows Storage Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:74913 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74910 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode pro ... oval:org.secpod.oval:def:74911 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode pro ... oval:org.secpod.oval:def:74907 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:74908 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74905 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a ... oval:org.secpod.oval:def:74906 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74903 Windows Key Storage Provider Security Feature Bypass Vulnerability. 
A successful attacker could bypass the Windows Key Storage Provider which issues key certificates for trust in attestation scenarios. oval:org.secpod.oval:def:74904 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74901 Windows SMB Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74902 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74900 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74909 Microsoft Windows Update Client Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76439 Windows Hyper-V Denial of Service Vulnerability oval:org.secpod.oval:def:76437 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:76436 NTFS Set Short Name Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76435 Windows Recovery Environment Agent Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76434 Windows Remote Access Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76433 Windows Setup Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76443 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76441 Windows Digital Media Receiver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76440 Windows TCP/IP Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76429 Remote Desktop Client Remote Code Execution Vulnerability oval:org.secpod.oval:def:76428 Windows Event Tracing Remote Code Execution Vulnerability oval:org.secpod.oval:def:76427 Windows NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76426 Windows NTFS Elevation of Privilege Vulnerability 
oval:org.secpod.oval:def:76425 Windows NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76424 SymCrypt Denial of Service Vulnerability oval:org.secpod.oval:def:76423 Storage Spaces Controller Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:76422 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76432 Microsoft Message Queuing Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:76431 Storage Spaces Controller Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:76430 Windows Fax Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:76444 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76419 Microsoft Message Queuing Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:76418 DirectX Graphics Kernel File Denial of Service Vulnerability oval:org.secpod.oval:def:76417 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. oval:org.secpod.oval:def:76416 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode proc ... oval:org.secpod.oval:def:76414 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76413 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76421 Windows Common Log File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:76420 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76470 The host is missing a critical security update for KB5008223 oval:org.secpod.oval:def:84758 Windows DHCP Client Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. oval:org.secpod.oval:def:84759 Windows Storage Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:84754 Windows DHCP Client Elevation of Privilege Vulnerability. An authenticated attacker could leverage a specially crafted RPC call to the DHCP service to exploit this vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84755 Windows Event Logging Service Denial of Service Vulnerability. The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. oval:org.secpod.oval:def:84756 Windows Local Session Manager (LSM) Denial of Service Vulnerability. In this case, a successful attack could be performed from a low privilege AppContainer. 
The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer exec ... oval:org.secpod.oval:def:84751 Windows Local Session Manager (LSM) Denial of Service Vulnerability. This vulnerability could lead to a contained execution environment escape. oval:org.secpod.oval:def:84780 Windows NTLM Spoofing Vulnerability. The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe. oval:org.secpod.oval:def:84781 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:84779 Windows TCP/IP Driver Denial of Service Vulnerability. Systems are not affected if IPv6 is disabled on the target machine. oval:org.secpod.oval:def:84775 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84776 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84777 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84778 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84760 Windows USB Serial Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unintentional read access from uninitialized memory, which can be from either kernel memory or another user-mode process. oval:org.secpod.oval:def:84761 Windows CD-ROM File System Driver Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:84762 Server Service Remote Protocol Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:84797 Windows Kernel Memory Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:84798 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84799 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... 
oval:org.secpod.oval:def:84793 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84794 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84795 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84796 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84790 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84791 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84792 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84786 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:84787 Microsoft DWM Core Library Elevation of Privilege Vulnerability. This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of me ... 
oval:org.secpod.oval:def:84788 Windows WLAN Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84789 Windows Win32k Elevation of Privilege Vulnerability. An attacker could use this vulnerability to elevate privileges from Low Integrity Level in a contained ("sandboxed") execution environment to escalate to a Medium Integrity Level or a High Integrity Level. oval:org.secpod.oval:def:84782 Windows DWM Core Library Elevation of Privilege Vulnerability. This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of meth ... oval:org.secpod.oval:def:84784 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:84785 Windows Hyper-V Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. An attacker on a Nested Hyper-V ... oval:org.secpod.oval:def:84852 Windows Graphics Component Elevation of Privilege Vulnerability. Successful exploitation could allow an attacker to gain SYSTEM privileges. oval:org.secpod.oval:def:84853 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. Successful exploitation could lead to a contained execution environment escape. oval:org.secpod.oval:def:84854 Active Directory Domain Services Elevation of Privilege Vulnerability. Successful exploitation could allow an attacker to gain domain administrator privileges. oval:org.secpod.oval:def:84850 Windows Graphics Component Information Disclosure Vulnerability.
Successful exploitation could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:84851 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. Successful exploitation could allow an attacker to gain SYSTEM privileges. oval:org.secpod.oval:def:84849 Windows Active Directory Certificate Services Security Feature Bypass oval:org.secpod.oval:def:84848 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability oval:org.secpod.oval:def:84844 Windows GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:84816 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84818 Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84819 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84812 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84813 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ...
oval:org.secpod.oval:def:84814 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:84815 Windows Security Support Provider Interface Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content. oval:org.secpod.oval:def:84810 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84811 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84805 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:84806 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. On machines with slow or older USB controller hardware, the Group policy might have (silently) failed to apply. On such machines, the attacker can trivially exploit this enforcement failure by attaching a USB storage d ... oval:org.secpod.oval:def:84807 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. An attacker who successfully exploits this vulnerability would be able to remotely read registry keys under HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine not normally acc ... oval:org.secpod.oval:def:84808 Windows Workstation Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only. oval:org.secpod.oval:def:84801 Windows Kernel Elevation of Privilege Vulnerability. 
An attacker would only be able to delete empty folders on a vulnerable system in the context of the SYSTEM account. They would not gain privileges to view or modify file contents or delete folders containing files. oval:org.secpod.oval:def:84802 Windows Distributed File System (DFS) Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content. oval:org.secpod.oval:def:84804 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84800 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:75809 Windows Desktop Bridge Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75808 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability. A remote code execution vulnerability exists when a VM guest fails to properly handle communication on a VMBus channel. To exploit the vulnerability, an authenticated attacker could send a specially crafted communication on t ... oval:org.secpod.oval:def:75829 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75827 Windows Feedback Hub Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:75826 Chakra Scripting Engine Memory Corruption Vulnerability oval:org.secpod.oval:def:75824 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. 
They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:75823 Microsoft Windows Media Foundation Remote Code Execution Vulnerability oval:org.secpod.oval:def:75821 Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability oval:org.secpod.oval:def:75820 Windows Installer Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:75819 Windows NTFS Remote Code Execution Vulnerability oval:org.secpod.oval:def:75818 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75817 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators. oval:org.secpod.oval:def:75816 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75815 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75814 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75813 Windows Denial of Service Vulnerability oval:org.secpod.oval:def:75812 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:75811 Remote Desktop Protocol Client Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized and/or uninitialized memory in the process heap. oval:org.secpod.oval:def:75810 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators. oval:org.secpod.oval:def:75843 The host is missing a critical security update for KB5007205 oval:org.secpod.oval:def:75831 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75830 Windows Hyper-V Denial of Service Vulnerability. Installations of Hyper-V with GRE (Generic Routing Encapsulation) enabled are vulnerable. oval:org.secpod.oval:def:10000151 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000156 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content. oval:org.secpod.oval:def:10000157 Windows DWM Core Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000155 Windows DWM Core Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000159 Windows DWM Core Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000146 Windows DWM Core Library Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. oval:org.secpod.oval:def:10000147 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.
oval:org.secpod.oval:def:10000135 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:10000062 Windows Hyper-V Remote Code Execution Vulnerability. This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. The attacker must ... oval:org.secpod.oval:def:10000063 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98961 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:98963 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:10000058 Windows Hyper-V Remote Code Execution Vulnerability. The attacker must be authenticated to be able to exploit this vulnerability. An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on the host from a remote machine. oval:org.secpod.oval:def:10000059 Windows Hyper-V Denial of Service Vulnerability oval:org.secpod.oval:def:98940 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. 
oval:org.secpod.oval:def:10000074 Windows MSHTML Platform Security Feature Bypass Vulnerability. This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. An attacker would have to convince the user to load a malicious file onto a vulnerable system, typica ... oval:org.secpod.oval:def:10000072 Win32k Elevation of Privilege Vulnerability. A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. oval:org.secpod.oval:def:10000070 Windows Search Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. oval:org.secpod.oval:def:98936 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98933 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:10000152 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000153 NTFS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000150 Windows Cryptographic Services Remote Code Execution Vulnerability. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. 
This is called a machine-in-the-middle (MITM) attack. For succes ... oval:org.secpod.oval:def:10000154 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and ... oval:org.secpod.oval:def:10000158 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:10000149 DHCP Server Service Denial of Service Vulnerability oval:org.secpod.oval:def:10000148 Windows Cryptographic Services Information Disclosure Vulnerability. For successful exploitation, a locally authenticated attacker needs to send a specially crafted request to the cryptography provider's vulnerable function. An attacker who successfully exploited this vulnerability could potentially ... oval:org.secpod.oval:def:10000136 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000064 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000065 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000068 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. 
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000067 Win32k Elevation of Privilege Vulnerability. A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. oval:org.secpod.oval:def:10000060 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000061 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000057 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Successful exploitation of this vulnerability requires an attacker to gather i ... oval:org.secpod.oval:def:10000055 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. 
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:10000075 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:10000076 Windows Mark of the Web Security Feature Bypass Vulnerability. To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality ... oval:org.secpod.oval:def:10000073 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:10000071 Windows Deployment Services Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content. oval:org.secpod.oval:def:98435 Intel: CVE-2023-28746 Register File Data Sampling (RFDS) oval:org.secpod.oval:def:98478 The host is missing a critical security update for KB5035857 oval:org.secpod.oval:def:98450 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:98459 Microsoft QUIC Denial of Service Vulnerability oval:org.secpod.oval:def:98430 Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98438 Windows Installer Elevation of Privilege Vulnerability. 
An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run ... oval:org.secpod.oval:def:98440 Microsoft ODBC Driver Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to th ... oval:org.secpod.oval:def:98443 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:98421 Windows Update Stack Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to ... oval:org.secpod.oval:def:98005 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:98018 The host is missing a critical security update for KB5034770 oval:org.secpod.oval:def:97992 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. The word Remote in the title refers to the location of the attacker. 
This type of exploit is sometimes referred t ... oval:org.secpod.oval:def:97956 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. This attack is limited to systems connected to the same network segmen ... oval:org.secpod.oval:def:10000168 The host is missing an important security update for KB 5037782 oval:org.secpod.oval:def:10000145 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000144 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000141 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000142 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000140 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000143 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. 
oval:org.secpod.oval:def:10000138 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000139 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:10000137 Windows Mobile Broadband Driver Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine. oval:org.secpod.oval:def:98416 Windows Hyper-V Remote Code Execution Vulnerability. This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. Successful exploit ... oval:org.secpod.oval:def:98002 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:98003 Windows Printing Service Spoofing Vulnerability. In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. oval:org.secpod.oval:def:97968 The host is installed with Azure File Sync Agent 4.x before 16.2.0 or 17.x before 17.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors. Successful exploitation allows attackers to create new files in di ... 
oval:org.secpod.oval:def:98001 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97958 Windows DNS Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:98000 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:97999 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:97957 Windows OLE Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client t ... oval:org.secpod.oval:def:97997 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97998 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. 
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97995 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97996 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97993 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97994 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97991 Windows Kernel Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass the Windows Code Integrity Guard (CIG). An authenticated attacker could replace valid file content with specially crafted file content. oval:org.secpod.oval:def:97987 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. 
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97988 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97989 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97990 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send special ... oval:org.secpod.oval:def:97986 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:97985 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:97955 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability oval:org.secpod.oval:def:97980 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability. 
An attacker would need to set up a malicious server and create a proof-of-concept script. The victim would then need to be convinced, possibly through social engineering techniques, to run this script, which would connect to the mal ... oval:org.secpod.oval:def:97981 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:97983 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:97954 Internet Connection Sharing (ICS) Denial of Service Vulnerability oval:org.secpod.oval:def:97979 Microsoft ODBC Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An authenticated victim who is connected to the network must be tricked or persuaded to co ... oval:org.secpod.oval:def:97975 Windows Network Address Translation (NAT) Denial of Service Vulnerability oval:org.secpod.oval:def:97976 Windows Network Address Translation (NAT) Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. oval:org.secpod.oval:def:97973 Windows Kernel Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. 
oval:org.secpod.oval:def:97974 Windows Kernel Remote Code Execution Vulnerability oval:org.secpod.oval:def:97952 Windows USB Generic Parent Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:97972 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could expl ... oval:org.secpod.oval:def:97951 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. oval:org.secpod.oval:def:96684 Windows Themes Spoofing Vulnerability. An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily c ... oval:org.secpod.oval:def:96662 Microsoft Message Queuing Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:96683 Windows Server Key Distribution Service Security Feature Bypass. This vulnerability can be exploited when an attacker with admin privileges creates an x509 certificate with an MD5 property, which causes certificate validation to fail with no further validation checks. oval:org.secpod.oval:def:96682 Windows TCP/IP Information Disclosure Vulnerability. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. 
This is called a machine-in-the-middle (MITM) attack. The type of information t ... oval:org.secpod.oval:def:96681 Windows Cryptographic Services Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. For successful exploitation, a locally authenticated attacker needs to send a specially crafted request to the cryptogr ... oval:org.secpod.oval:def:96680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:96661 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:96679 Remote Desktop Client Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthorized attacker must wait for a user to initiate a connection. oval:org.secpod.oval:def:96678 Windows Hyper-V Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability requires that an attacker first gain access to the restricted network before running an attack. oval:org.secpod.oval:def:96658 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:96675 Windows Libarchive Remote Code Execution Vulnerability. An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it. oval:org.secpod.oval:def:96674 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. 
An attacker could exploit the vulnerability by convincing, or waiting for, a user to connect to an Active Directory Domain Controller and then stealing network secrets. When the vulnerability is successfully e ... oval:org.secpod.oval:def:96673 Windows Themes Information Disclosure Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:96657 Windows CoreMessaging Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory. oval:org.secpod.oval:def:96672 Microsoft AllJoyn API Denial of Service Vulnerability oval:org.secpod.oval:def:96670 Windows Cryptographic Services Remote Code Execution Vulnerability. Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:96655 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:96669 Windows Subsystem for Linux Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:96668 Windows Kerberos Security Feature Bypass Vulnerability. The authentication feature could be bypassed as this vulnerability allows impersonation. An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, ... oval:org.secpod.oval:def:96654 Windows Message Queuing Client (MSMQC) Information Disclosure. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:96649 Microsoft Message Queuing Denial of Service Vulnerability. 
oval:org.secpod.oval:def:96650 Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability. To successfully exploit this vulnerability the attacker must be an authenticated user that is granted the "manage online responder" permission. This permission defines who can use the Online Responder snap-in to ... oval:org.secpod.oval:def:96652 Microsoft Message Queuing Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:96651 Windows Message Queuing Client (MSMQC) Information Disclosure. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:96667 Windows Group Policy Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:96648 Microsoft Message Queuing Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:96647 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain privilege escalation in the processing of .vhdx files in the Windows Kernel. oval:org.secpod.oval:def:96646 Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To successfully exploit this vulnerability the attacker must be an authenticated user that is granted the "manage onlin ... oval:org.secpod.oval:def:96666 Microsoft Common Log File System Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:96645 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attac ... oval:org.secpod.oval:def:96644 Windows HTML Platforms Security Feature Bypass Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. The MapURLToZone method could be bypassed by an attacker if the API returned a Zone value of 'Intranet' b ... oval:org.secpod.oval:def:95814 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:95827 The host is missing a critical security update for KB5033118 oval:org.secpod.oval:def:95812 DHCP Server Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) ... oval:org.secpod.oval:def:95811 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:95810 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:95808 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability. 
To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. The attacker must inject themsel ... oval:org.secpod.oval:def:95809 Windows Telephony Server Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could execute code in the security context of the "NT AUTHORITY\Network Service" accoun ... oval:org.secpod.oval:def:95804 Internet Connection Sharing (ICS) Denial of Service Vulnerability. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtu ... oval:org.secpod.oval:def:95807 XAML Diagnostics Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. An authorized attacker with regular user privileges may be able to inject a malicious file and then convince a user to execute a UWP application. oval:org.secpod.oval:def:95806 Windows Sysmain Service Elevation of Privilege. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:95805 DHCP Server Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory. oval:org.secpod.oval:def:95803 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or v ... 
oval:org.secpod.oval:def:95802 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the atta ... oval:org.secpod.oval:def:95801 DHCP Server Service Denial of Service Vulnerability oval:org.secpod.oval:def:95796 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or v ... oval:org.secpod.oval:def:95794 Windows MSHTML Platform Remote Code Execution Vulnerability. The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Pre ... oval:org.secpod.oval:def:95792 Windows Media Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file: In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the fil ... oval:org.secpod.oval:def:94441 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. To exploit this vulnerability an attacker would have to inject arbitrary commands to the FTP server. The type of information that could be disclosed if an attacker successfully exploited this vulnerability would be access ... oval:org.secpod.oval:def:94484 Windows Installer Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:94485 Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a sp ... oval:org.secpod.oval:def:94497 The host is missing a critical security update for KB5032198 oval:org.secpod.oval:def:94483 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:94479 Microsoft Remote Registry Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that the attacker be an authenticated user on the network who is a member of the performance log users group. Although this group defaults to only Administrators, it is possi ... oval:org.secpod.oval:def:94480 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to a High Integrity Level. oval:org.secpod.oval:def:94481 Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have both domain user and delegate management permissions on a non-default DFS namespace. An attacker could exploit a DFS namespace (non- ... oval:org.secpod.oval:def:94453 Microsoft Defender Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94475 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94476 Windows Hyper-V Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. oval:org.secpod.oval:def:94477 Windows Hyper-V Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94478 Windows Hyper-V Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability would require an unauthenticated attacker on a guest VM to send specially crafted file operation requests to the VM's hardware resources wh ... oval:org.secpod.oval:def:94471 Microsoft Remote Registry Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that the attacker be an authenticated user on the network who is a member of the performance log users group. Although this group defaults to only Administrators, it is possi ... oval:org.secpod.oval:def:94472 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:94473 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94474 Windows Kernel Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is values of registry keys the attacker does not have permissions to view. oval:org.secpod.oval:def:94468 Windows NTFS Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. In this case, a successful atta ... oval:org.secpod.oval:def:94469 Windows Storage Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results ... oval:org.secpod.oval:def:94467 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. oval:org.secpod.oval:def:94470 Windows HMAC Key Derivation Elevation of Privilege Vulnerability. In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment. An attacker who successfully ... oval:org.secpod.oval:def:94464 Windows Search Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:94465 Windows Deployment Services Denial of Service Vulnerability oval:org.secpod.oval:def:94462 DHCP Server Service Denial of Service Vulnerability oval:org.secpod.oval:def:94463 Windows User Interface Application Core Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:94461 Windows Authentication Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94459 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94458 Windows DWM Core Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:94457 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network. oval:org.secpod.oval:def:94455 Windows Scripting Engine Memory Corruption Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this spec ... oval:org.secpod.oval:def:93692 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93670 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93656 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93715 The host is missing a critical security update for KB5031364 oval:org.secpod.oval:def:93689 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93690 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93691 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93669 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93668 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93654 Microsoft QUIC Denial of Service Vulnerability. The MsQuic server application or process will crash, resulting in a denial of service. oval:org.secpod.oval:def:93655 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93667 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93687 Windows Graphics Component Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93688 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could le ... oval:org.secpod.oval:def:93653 Windows Runtime Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
oval:org.secpod.oval:def:93650 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93652 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93608 Win32k Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. oval:org.secpod.oval:def:93685 Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:93648 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93649 Named Pipe File System Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93683 Active Directory Domain Services Information Disclosure Vulnerability oval:org.secpod.oval:def:93684 Windows Container Manager Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:93682 Windows Error Reporting Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93666 Windows Common Log File System Driver Information Disclosure Vulnerability. 
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:93647 Windows Power Management Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. oval:org.secpod.oval:def:93678 Windows Deployment Services Denial of Service Vulnerability oval:org.secpod.oval:def:93679 Windows Media Foundation Core Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:93665 Microsoft AllJoyn API Denial of Service Vulnerability oval:org.secpod.oval:def:93644 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could create or delete files in the security context of the NT AUTHORITY\LOCAL SERVICE account. An attacker would only be able to delete targeted files on a system. A ... oval:org.secpod.oval:def:93676 Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93677 DHCP Server Service Denial of Service Vulnerability oval:org.secpod.oval:def:93664 Windows Deployment Services Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:93642 Windows Kernel Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass the Windows Arbitrary Code Guard exploit protection feature.
oval:org.secpod.oval:def:93675 Windows TCP/IP Denial of Service Vulnerability oval:org.secpod.oval:def:93639 Windows Named Pipe Filesystem Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93640 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:93641 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93674 Windows TCP/IP Denial of Service Vulnerability oval:org.secpod.oval:def:93662 Remote Procedure Call Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:93637 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93638 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability oval:org.secpod.oval:def:93610 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93636 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... 
oval:org.secpod.oval:def:93634 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93635 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93633 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93632 Windows upnphost.dll Denial of Service Vulnerability. An attacker could impact availability of the service resulting in Denial of Service (DoS). oval:org.secpod.oval:def:93630 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93629 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93627 Microsoft Message Queuing Denial of Service Vulnerability. 
oval:org.secpod.oval:def:93628 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:93625 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to ... oval:org.secpod.oval:def:93626 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93623 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93624 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information like resource ids, sas tokens, user properties, and other sensitive information. Any authenticated attacker could trigge ... oval:org.secpod.oval:def:93618 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93619 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server.
The attacker needs to convince a user on the target machine to connect to a malicious server or compromi ... oval:org.secpod.oval:def:93621 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93622 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93620 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an authenticated domain user to remotely execute code on the target server. The attacker needs to convince a user on the target machine to connect to a malicious server or comprom ... oval:org.secpod.oval:def:93661 Windows Deployment Services Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:93614 Microsoft QUIC Denial of Service Vulnerability. The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. oval:org.secpod.oval:def:93613 Windows IIS Server Elevation of Privilege Vulnerability. The attacker would be able to login as another user successfully. In a network-based attack, an attacker could brute force user account passwords to log in as that user. oval:org.secpod.oval:def:93616 Microsoft WordPad Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of NTLM hashes. 
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vuln ... oval:org.secpod.oval:def:93612 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:93671 Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory. oval:org.secpod.oval:def:93611 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. oval:org.secpod.oval:def:92997 Windows TCP/IP Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not ... oval:org.secpod.oval:def:92999 DHCP Server Service Denial of Service Vulnerability. Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. oval:org.secpod.oval:def:92998 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:93103 The host is missing a critical security update for KB5030216 oval:org.secpod.oval:def:92996 DHCP Server Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all ... oval:org.secpod.oval:def:92993 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. 
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or v ... oval:org.secpod.oval:def:92992 Windows Miracast Wireless Display Remote Code Execution Vulnerability. Exploiting this vulnerability requires an attacker to be within proximity of the target system in order to send and receive radio transmissions. An unauthenticated attacker could project to a vulnerable system on the same wireles ... oval:org.secpod.oval:def:92994 Windows TCP/IP Denial of Service Vulnerability. Systems are not affected if IPv6 is disabled on the target machine. oval:org.secpod.oval:def:92989 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:92991 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:92990 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:92986 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:92985 Windows MSHTML Platform Security Feature Bypass Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Successful exploitation of this vulnerability requires an attacker to gather information spec ... oval:org.secpod.oval:def:92988 Windows Kernel Elevation of Privilege Vulnerability.
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:92987 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:92982 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability. CVE-2023-36802 oval:org.secpod.oval:def:92981 DHCP Server Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:92984 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:92983 Windows Kernel Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:93041 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:93042 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:93039 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
oval:org.secpod.oval:def:93040 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:92980 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91822 .NET Framework Spoofing Vulnerability. Successful exploitation of this vulnerability requires an attacker to create a crafted certificate in order to validate themselves as a trusted source. oval:org.secpod.oval:def:91821 ASP.NET Elevation of Privilege Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to gain the rights of the user that is running the affected application. oval:org.secpod.oval:def:91783 Windows Mobile Device Management Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91816 Microsoft Message Queuing Denial of Service Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a deni ... oval:org.secpod.oval:def:91855 The host is missing a critical security update for KB5029250 oval:org.secpod.oval:def:91780 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An authenticated attacker who successfully exploited this vulnerability could gain code execution through a specially ... 
oval:org.secpod.oval:def:91815 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:91811 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. oval:org.secpod.oval:def:91813 Microsoft Message Queuing Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory ... oval:org.secpod.oval:def:91812 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:91778 Windows Hyper-V Information Disclosure Vulnerability. The type of information that could be disclosed if a Hyper-V Guest attacker successfully exploited this vulnerability is data from the Hyper-V Host. Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a ... oval:org.secpod.oval:def:91810 Microsoft Message Queuing Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. oval:org.secpod.oval:def:91818 Windows Cryptographic Services Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:91809 Microsoft Message Queuing Denial of Service Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a deni ... 
oval:org.secpod.oval:def:91776 Windows System Assessment Tool Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:91775 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91782 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91817 Windows Cryptographic Services Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:91781 Windows Group Policy Security Feature Bypass Vulnerability. An authenticated attacker who successfully exploited this vulnerability could read specific Group Policy configuration settings. oval:org.secpod.oval:def:91807 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applic ... oval:org.secpod.oval:def:91802 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91804 Windows HTML Platforms Security Feature Bypass Vulnerability. A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet ... oval:org.secpod.oval:def:91803 Microsoft Message Queuing Information Disclosure Vulnerability. 
An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. oval:org.secpod.oval:def:91806 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91805 Microsoft Message Queuing Remote Code Execution Vulnerability. The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotel ... oval:org.secpod.oval:def:91770 Windows Projected File System Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. An attacker who successfull ... oval:org.secpod.oval:def:91772 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open t ... oval:org.secpod.oval:def:91801 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:91799 Microsoft Message Queuing Denial of Service Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a deni ... oval:org.secpod.oval:def:91800 Microsoft Message Queuing Denial of Service Vulnerability.
To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a deni ... oval:org.secpod.oval:def:91798 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90892 Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges. An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the ma ... oval:org.secpod.oval:def:90894 Windows Search Remote Code Execution Vulnerability. In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the remote code execution vulnerability. In any case an attacker would have no way to force a user to vie ... oval:org.secpod.oval:def:90919 The host is missing a critical security update for KB5028171 oval:org.secpod.oval:def:90889 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. oval:org.secpod.oval:def:90890 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. oval:org.secpod.oval:def:90807 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:90806 Windows Clip Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90808 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90888 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running. oval:org.secpod.oval:def:90801 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90803 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90802 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90805 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90804 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90870 Active Directory Federation Service Security Feature Bypass Vulnerability. An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victi ... oval:org.secpod.oval:def:90800 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90885 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability. An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnerable Certificate Server. By default, only domain administrators are granted CA read access. oval:org.secpod.oval:def:90886 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker with Certificate Authority (CA) read access permissions can send a specially crafted request to a vulnera ... oval:org.secpod.oval:def:90799 Windows Geolocation Service Remote Code Execution Vulnerability. An attacker must send the user a malicious input file and convince the user to open said input file. oval:org.secpod.oval:def:90760 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90762 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90761 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90884 Microsoft Install Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. An attacker who successfully exploits this vulnerability cannot access files but can overwrite their contents and potentially cause the service to b ... 
oval:org.secpod.oval:def:90881 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:90880 Windows CryptoAPI Denial of Service Vulnerability oval:org.secpod.oval:def:90883 Windows Image Acquisition Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90882 Microsoft DirectMusic Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:90759 Windows MSHTML Platform Security Feature Bypass Vulnerability oval:org.secpod.oval:def:90798 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90879 Windows Peer Name Resolution Protocol Denial of Service Vulnerability oval:org.secpod.oval:def:90797 Windows Extended Negotiation Denial of Service Vulnerability oval:org.secpod.oval:def:90796 Windows Authentication Denial of Service Vulnerability oval:org.secpod.oval:def:90876 Windows Transaction Manager Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90878 Windows Remote Desktop Protocol Security Feature Bypass. The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who success ... oval:org.secpod.oval:def:90757 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:90758 Windows Print Spooler Information Disclosure Vulnerability. 
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:90874 Windows OLE Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:90873 Windows Deployment Services Remote Code Execution Vulnerability. An attacker with user permissions could alter specific variables in the CNTCIR Packet of the WDSMA protocol in order to exploit this vulnerability. oval:org.secpod.oval:def:90875 Windows CDP User Components Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:90755 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90756 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90795 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90872 Windows Deployment Services Denial of Service Vulnerability oval:org.secpod.oval:def:90753 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90754 Remote Procedure Call Runtime Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:90793 Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE).
The attack itself is carried out locally. oval:org.secpod.oval:def:90794 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. oval:org.secpod.oval:def:90871 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges. oval:org.secpod.oval:def:90752 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90751 Windows MSHTML Platform Security Feature Bypass Vulnerability oval:org.secpod.oval:def:90792 Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:90869 Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges. oval:org.secpod.oval:def:90750 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. oval:org.secpod.oval:def:90791 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90790 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90868 USB Audio Class System Driver Remote Code Execution Vulnerability. An authenticated attacker could use Remote Desktop to connect to a vulnerable system that has Plug and Play device redirection enabled. 
Alternatively, an attacker could plug a specially crafted USB device into the port of a vulnerabl ... oval:org.secpod.oval:def:90748 Remote Procedure Call Runtime Remote Code Execution Vulnerability. The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. oval:org.secpod.oval:def:90749 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability oval:org.secpod.oval:def:90865 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. This attack is limited to systems connected to the same network segmen ... oval:org.secpod.oval:def:90867 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90866 HTTP.sys Denial of Service Vulnerability. In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the Server Name Indication (SNI) over HTTP Protocol Stack (http.sys) to process packets, causing a denial of service (DOS). oval:org.secpod.oval:def:90746 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90745 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90747 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability oval:org.secpod.oval:def:90864 Windows Cryptographic Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. 
oval:org.secpod.oval:def:90742 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90744 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90743 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90741 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90740 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90789 Windows Network Load Balancing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. oval:org.secpod.oval:def:90863 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90862 Windows Partition Management Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90739 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:90788 Microsoft Failover Cluster Information Disclosure Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles Cluster Admin and Cluster Operator can access this. oval:org.secpod.oval:def:90787 Microsoft Message Queuing Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. 
oval:org.secpod.oval:def:90861 HTTP.sys Denial of Service Vulnerability oval:org.secpod.oval:def:90786 Active Template Library Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. oval:org.secpod.oval:def:90785 Windows Installer Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90860 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90859 Volume Shadow Copy Elevation of Privilege Vulnerability. The attacker would gain the rights of the user that is running the affected application. An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Vo ... oval:org.secpod.oval:def:90783 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:90737 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. oval:org.secpod.oval:def:90782 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:90856 OLE Automation Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:90855 Windows Update Orchestrator Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:90857 Windows Remote Desktop Security Feature Bypass Vulnerability. 
An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server. oval:org.secpod.oval:def:90735 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90736 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. oval:org.secpod.oval:def:90780 Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be pe ... oval:org.secpod.oval:def:90781 Microsoft ODBC Driver Remote Code Execution Vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32038 oval:org.secpod.oval:def:90734 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90779 Microsoft Failover Cluster Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles "Cluster Admin" and "Cluster Operator" can access this. oval:org.secpod.oval:def:90778 Windows Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90397 .NET Framework Remote Code Execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker convinces a victim to download and open a specially crafted file from a w ... 
oval:org.secpod.oval:def:90400 .NET Framework Remote Code Execution Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to cause a denial of service vulnerability. oval:org.secpod.oval:def:90359 Windows CryptoAPI Denial of Service Vulnerability oval:org.secpod.oval:def:90384 The host is missing a critical security update for KB5027225 oval:org.secpod.oval:def:90356 Windows Server Service Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could execute RPC procedures that are restricted to privileged accounts, bypassing the access check for the RPC procedures. To exploit this vulnerability, an attacker could execute a ... oval:org.secpod.oval:def:90376 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. oval:org.secpod.oval:def:90377 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability. Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:90341 Windows Installer Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:90372 Windows iSCSI Discovery Service Denial of Service Vulnerability oval:org.secpod.oval:def:90374 Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:90375 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability.
When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. oval:org.secpod.oval:def:90370 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability. This vulnerability could also be exploited through a physical attack vector. An attacke ... oval:org.secpod.oval:def:90371 Windows Collaborative Translation Framework Elevation of Privilege Vulnerability. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppC ... oval:org.secpod.oval:def:90350 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:90351 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ... oval:org.secpod.oval:def:90367 iSCSI Target WMI Provider Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to exe ... 
oval:org.secpod.oval:def:90368 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:90369 Windows Media Remote Code Execution Vulnerability. An attacker must send the user a malicious file and convince the user to open said file. oval:org.secpod.oval:def:90348 Windows Filtering Platform Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain administrator privileges. oval:org.secpod.oval:def:90349 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90366 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. oval:org.secpod.oval:def:90345 Windows Authentication Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90346 Windows Media Remote Code Execution Vulnerability oval:org.secpod.oval:def:90347 Windows Geolocation Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:90363 Microsoft Streaming Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90364 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90365 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:90343 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90344 GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:90340 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:90342 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. This vulnerability could allow a standard domain user to delete arbitrary files and folders with system privileges. This could be achiev ... oval:org.secpod.oval:def:90360 Windows CryptoAPI Denial of Service Vulnerability oval:org.secpod.oval:def:89700 Windows MSHTML Platform Security Feature Bypass Vulnerability. An attacker can craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability of the victim machine. oval:org.secpod.oval:def:89719 Windows OLE Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment. In an email attack scenario, an attacker could exploit the vulnerab ... oval:org.secpod.oval:def:89718 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. 
Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a speciall ... oval:org.secpod.oval:def:89716 Windows iSCSI Target Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:89698 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:89715 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. When Windows Message Queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. oval:org.secpod.oval:def:89714 Remote Procedure Call Runtime Denial of Service Vulnerability oval:org.secpod.oval:def:89695 Windows Bluetooth Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is one byte of kernel memory could be leaked back to the attacker. oval:org.secpod.oval:def:89694 Windows Network File System Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). oval:org.secpod.oval:def:89713 Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability oval:org.secpod.oval:def:89690 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. T ... oval:org.secpod.oval:def:89711 Windows Graphics Component Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment. An attacker who successfully exploited this vulnera ... oval:org.secpod.oval:def:89688 Windows NFS Portmapper Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:89687 Windows NTLM Security Support Provider Information Disclosure Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:85456 The host is missing a critical security update for KB5019081 oval:org.secpod.oval:def:88972 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ... oval:org.secpod.oval:def:89028 The host is missing a critical security update for KB5025230 oval:org.secpod.oval:def:88971 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ... oval:org.secpod.oval:def:88970 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ... oval:org.secpod.oval:def:88968 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:88969 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ... oval:org.secpod.oval:def:86792 The host is missing a critical security update for KB5022291 oval:org.secpod.oval:def:88966 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:88933 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88964 Windows DNS Server Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:88965 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:88962 Windows Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88963 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability.
An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via OLEDB (CVSS metric AV:N), which could result in the server rece ... oval:org.secpod.oval:def:88961 Windows Clip Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88960 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88959 Windows Kernel Memory Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. oval:org.secpod.oval:def:88958 Remote Desktop Protocol Client Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:89015 Windows Boot Manager Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot to run unauthorized code. To be successful the attacker would need either physical access or administrator privileges. oval:org.secpod.oval:def:88957 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ... oval:org.secpod.oval:def:88956 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. 
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular ... oval:org.secpod.oval:def:89013 Windows Common Log File System Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88955 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. oval:org.secpod.oval:def:88953 Windows Kernel Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:89011 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. When the Windows Message Queuing service is enabled, an attacker who successfully exploited this vulnerability could send a specially crafted file over the network to achieve remote code execution and attempt to trigger m ... oval:org.secpod.oval:def:89012 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88951 Windows Registry Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:88952 Windows Network File System Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. 
oval:org.secpod.oval:def:88950 Windows Network Load Balancing Remote Code Execution Vulnerability. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virt ... oval:org.secpod.oval:def:89008 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:89009 Windows Kerberos Elevation of Privilege Vulnerability. An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session ke ... oval:org.secpod.oval:def:88948 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88949 Windows Kernel Remote Code Execution Vulnerability. An attacker must send the user a malicious input file and convince the user to open said input file. An attacker or victim needs to execute code from the local machine to exploit the vulnerability. oval:org.secpod.oval:def:89006 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. Only systems with the IKE and AuthIP IPsec Keying Modules running are vulnerable to this attack. oval:org.secpod.oval:def:89002 DHCP Server Service Remote Code Execution Vulnerability. An authenticated attacker could leverage a specially crafted RPC call to the DHCP service to exploit this vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted n ... 
oval:org.secpod.oval:def:88946 Windows Spoofing Vulnerability. An attacker could convince a user on the target device to open a maliciously crafted HTA file designed to appear as a legitimately signed WIM file (Windows Imaging Format). oval:org.secpod.oval:def:88945 Windows NTLM Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:89000 Windows Bluetooth Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Exploiting this vulnerability requires an attacker to be within proximity of the target system ... oval:org.secpod.oval:def:89001 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:88998 Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to locate a machine with rare, seldom used, non-default telemetry settings ... oval:org.secpod.oval:def:88944 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same ... oval:org.secpod.oval:def:88942 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88943 Windows Domain Name Service Remote Code Execution Vulnerability. 
In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. oval:org.secpod.oval:def:88997 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) o ... oval:org.secpod.oval:def:88996 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) o ... oval:org.secpod.oval:def:88940 Windows Network Address Translation (NAT) Denial of Service Vulnerability oval:org.secpod.oval:def:88941 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88995 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:88993 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88994 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88992 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. 
An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88991 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88990 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88988 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88989 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88986 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88987 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88985 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. An authenticated attacker with normal privileges could send a modified XPS file ... 
oval:org.secpod.oval:def:88983 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88984 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88937 Microsoft Message Queuing Denial of Service Vulnerability oval:org.secpod.oval:def:88935 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:88936 Remote Procedure Call Runtime Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:88934 Microsoft Message Queuing Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. oval:org.secpod.oval:def:88063 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88064 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. 
oval:org.secpod.oval:def:88062 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:88139 The host is missing a critical security update for KB5023705 oval:org.secpod.oval:def:88123 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88061 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability oval:org.secpod.oval:def:88060 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88122 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:88058 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88059 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:88121 Windows SmartScreen Security Feature Bypass Vulnerability. 
An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. oval:org.secpod.oval:def:88056 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88057 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88055 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:88120 Windows Bluetooth Service Remote Code Execution Vulnerability. An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component. oval:org.secpod.oval:def:88119 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:88054 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88052 Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88053 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88051 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88050 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability oval:org.secpod.oval:def:88049 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88048 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88117 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:88118 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:88047 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88113 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88114 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:88044 Windows Partition Management Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:88111 Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be ... oval:org.secpod.oval:def:88112 Windows Cryptographic Services Remote Code Execution Vulnerability. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system. oval:org.secpod.oval:def:88110 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:88043 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:88041 Windows HTTP.sys Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88108 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:88109 Windows Accounts Picture Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88040 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. 
An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88106 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:88107 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:88105 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:88038 Windows Media Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:88039 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. oval:org.secpod.oval:def:88036 Windows DNS Server Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. As is best practice, regular validation and audits of administrative groups should be conducted. oval:org.secpod.oval:def:88037 Windows Media Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). 
The attack itself is carried out locally. oval:org.secpod.oval:def:88104 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. oval:org.secpod.oval:def:88102 HTTP Protocol Stack Remote Code Execution Vulnerability. On successful exploitation, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. oval:org.secpod.oval:def:88103 Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88099 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:88100 Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:88101 Windows Bluetooth Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87516 Windows Graphics Component Remote Code Execution Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87537 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker or victim must execute code on the victim's machine. 
oval:org.secpod.oval:def:87535 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker or victim must execute code on the victim's machine. oval:org.secpod.oval:def:87517 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87514 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:87515 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87513 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:87498 Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. oval:org.secpod.oval:def:87512 Windows Kerberos Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87510 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:87511 Windows Active Directory Domain Services API Denial of Service Vulnerability oval:org.secpod.oval:def:87509 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87507 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:87508 Windows iSCSI Service Denial of Service Vulnerability oval:org.secpod.oval:def:87497 Windows MSHTML Platform Remote Code Execution Vulnerability oval:org.secpod.oval:def:87505 Windows Media Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:87494 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:87536 .NET Framework Denial of service Vulnerability. An authenticated attacker could exploit this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:87534 .NET Framework Denial of service Vulnerability. An authenticated attacker could exploit this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:87493 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ... oval:org.secpod.oval:def:87492 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ... 
oval:org.secpod.oval:def:87504 Windows iSCSI Service Denial of Service Vulnerability oval:org.secpod.oval:def:87503 Windows iSCSI Discovery Service Denial of Service Vulnerability. An attacker could impact availability of the service resulting in "denial of service" (DoS). oval:org.secpod.oval:def:87491 Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability oval:org.secpod.oval:def:87490 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. An authenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network. oval:org.secpod.oval:def:87500 Windows Fax Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network ... oval:org.secpod.oval:def:87488 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network. oval:org.secpod.oval:def:87489 Microsoft PostScript Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:87487 Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. oval:org.secpod.oval:def:87486 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. 
An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network. oval:org.secpod.oval:def:87484 NT OS Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:87485 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. On successful exploitation, an attacker could target the server accounts in an arbitrary or remote code execution and attempt to trigger malicious code in the context of the server's account through a net ... oval:org.secpod.oval:def:87499 HTTP.sys Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:87482 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:87483 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:87481 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability. An authenticated attacker could send a specially crafted file to a shared printer. 
This could result in arbitrary code execution on the system that is sharing the printer. oval:org.secpod.oval:def:86716 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86717 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:86767 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86766 Windows Overlay Filter Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86715 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86714 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86713 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86765 Windows Overlay Filter Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Successful exploitati ... 
oval:org.secpod.oval:def:86764 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86761 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability oval:org.secpod.oval:def:86760 Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability oval:org.secpod.oval:def:86763 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that re ... oval:org.secpod.oval:def:86711 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86709 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86708 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86706 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86689 Microsoft Cryptographic Services Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86756 Windows Netlogon Denial of Service Vulnerability oval:org.secpod.oval:def:86757 Windows Bind Filter Driver Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
oval:org.secpod.oval:def:86704 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ... oval:org.secpod.oval:def:86755 Microsoft DWM Core Library Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86754 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability oval:org.secpod.oval:def:86703 Windows Credential Manager User Interface Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86702 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:86752 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86753 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86701 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:86700 Windows Win32k Elevation of Privilege Vulnerability. 
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86699 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86698 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86688 Microsoft Cryptographic Services Elevation of Privilege Vulnerability. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment. oval:org.secpod.oval:def:86751 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability oval:org.secpod.oval:def:86749 Windows Boot Manager Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:86687 Windows Cryptographic Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. oval:org.secpod.oval:def:86748 Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:86747 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability. An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in bypassing a buffer length check which could be leveraged to achieve informatio ... 
oval:org.secpod.oval:def:86746 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86696 Windows SMB Witness Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. oval:org.secpod.oval:def:86686 Microsoft Cryptographic Services Elevation of Privilege Vulnerability. attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86685 Windows Cryptographic Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. oval:org.secpod.oval:def:86745 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86744 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86695 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation allows remote code execution on the server side. oval:org.secpod.oval:def:86741 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. 
An unauthenticated attacker could send a specially crafted connection ... oval:org.secpod.oval:def:86743 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability oval:org.secpod.oval:def:86742 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86684 Windows Cryptographic Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Windows cryptographic secrets. oval:org.secpod.oval:def:86693 Windows Authentication Remote Code Execution Vulnerability oval:org.secpod.oval:def:86692 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86691 Event Tracing for Windows Information Disclosure Vulnerability. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:86690 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. oval:org.secpod.oval:def:86739 Windows GDI Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86738 Windows iSCSI Service Denial of Service Vulnerability oval:org.secpod.oval:def:86736 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 
An attacker who successfully exploited this vulnerability could impersonate the group Managed Service Account (gMSA) to perform actions or access resources over the network. oval:org.secpod.oval:def:81559 The host is missing a critical security update for KB5014678 oval:org.secpod.oval:def:84803 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:80436 A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, vie ... |