[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:gov.nist.usgcb.windowsseven:def:20022
Specifies the period of inactivity before Windows turns off the display.

oval:gov.nist.usgcb.windowsseven:def:20021
Specifies the period of inactivity before Windows transitions the system to hibernate.

oval:gov.nist.usgcb.windowsseven:def:20023
Specifies the period of inactivity before Windows turns off the display.

oval:org.secpod.oval:def:11231
The host is installed with Internet Explorer 9 installed on Windows 7 and is prone to denial of service vulnerability. A flaw is present in the application, which fail to handle unknown vectors which could result into memory corruption. Successful exploitation could allow attackers to crash the serv ...

oval:gov.nist.usgcb.windowsseven:def:21002
IPv6 Network Protocol is not Enabled

oval:org.mitre.oval:def:12541
The operating system installed on the system is Microsoft Windows 7.

oval:org.secpod.oval:def:6737
The host is installed with Foxit Reader before 5.3 on Windows XP and Windows 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a PDF document with a crafted attachment. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:10955
The host is installed with Microsoft Internet Explorer 8 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:32717
The host is installed with Microsoft Windows 7 or Server 2008 R2 and is prone to security bypass vulnerability. The flaws are present in the application, which fails to handle a macro or scripting feature in an application. Successful exploitation allows attackers to bypass intended access restricti ...

oval:org.secpod.oval:def:6409
The host is missing a critical security update according to Microsoft Security Advisory, 2719662. The update is required to fix remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle gadgets at the Windows Sidebar. Successful exploitation could allow a ...

oval:org.secpod.oval:def:6736
The host is missing a critical security update according to Microsoft Security Advisory, 2661254. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle certificates with RSA keys less than 1024 bits in length. Successful exploitati ...

oval:org.secpod.oval:def:6408
The host is missing a critical security update according to Microsoft Security Advisory, 2728973. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to handle CA certificates. Successful exploitation could allow attackers to use these certificates ...

oval:org.secpod.oval:def:7328
The host is missing a critical security update according to Microsoft Security Advisory, 2749655. The update is required to fix compatibility issues. An issue is present in the specific digital certificates, which fail to handle proper timestamp attributes. This issue could adversely impact the abil ...

oval:org.secpod.oval:def:25231
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:25232
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:635
The host is running Microsoft Windows 7 and is prone to denial of service vulnerability. A flaw is present in the IPv6 implementation in the operating system which does not provide an option to ignore an unexpected RA. Successful exploitation allows remote attackers to conduct man-in-the-middle atta ...

oval:org.secpod.oval:def:14596
The 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14597
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14595
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14590
The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14808
The 'Do not apply during periodic background processing' option for registry policy processing should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.windowsseven:def:21005
Remote Desktop Services is not Enabled

oval:org.secpod.oval:def:14810
The set of users and/or gorups allowed to make unsolicited offers of remote assistance (aka the 'Helpers' option for the 'Offer Remote Assistance' setting) should be configured correctly.

oval:org.secpod.oval:def:14594
The 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14573
The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14576
The 'Configure Windows NTP Client\Type' setting should be configured correctly.

oval:org.secpod.oval:def:14589
The 'Configure Windows NTP Client\SpecialPollInterval' setting should be configured correctly.

oval:org.secpod.oval:def:14588
The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' setting should be configured correctly.

oval:org.secpod.oval:def:14582
The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' setting should be configured correctly.

oval:gov.nist.usgcb.windowsseven:def:100215
configure windows time provider

oval:gov.nist.usgcb.windowsseven:def:241
Customer Experience Improvement Program

oval:gov.nist.usgcb.windowsseven:def:276
Set client connection encryption level

oval:org.secpod.oval:def:14805
The 'Configure Windows NTP Client\CrossSiteSyncFlags' setting should be configured correctly.

oval:org.secpod.oval:def:14673
Auditing of 'Object Access:Detailed File Share' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14671
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14672
Auditing of 'Object Access:Application Generated' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14668
Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14686
Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14665
Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14750
Auditing of 'Object Access:File Share' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14752
Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14753
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14745
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14761
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14765
Auditing of 'Object Access:Other Object Access Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14764
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14757
Auditing of 'Object Access:Certification Services' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14725
Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14795
Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14792
Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14791
Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14770
Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14776
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14775
Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14767
Auditing of 'Object Access:Filtering Platform Connection' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14782
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14785
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14705
Auditing of 'Object Access:Kernel Object' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14714
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14802
Auditing of 'Object Access:SAM' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14800
Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14807
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14804
Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14813
Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14550
Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14556
Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14554
Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14555
Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14549
Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14564
Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14561
Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14567
Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14568
Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14560
Auditing of 'Object Access:Handle Manipulation' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14740
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14737
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.windowsseven:def:227
Registry Policy Processing

oval:gov.nist.usgcb.windowsseven:def:20020
This policy setting determines whether or not users can connect to the computer using Remote Desktop Services.

oval:gov.nist.usgcb.windowsseven:def:85
Determines if an anonymous user can request security identifier (SID) attributes for another user.

oval:org.secpod.oval:def:39
The host is installed with Microsoft Windows Human Interface Device (HID) driver and is prone to security bypass vulnerability. A flaw is present in the device driver, which allows keyboard or mouse functionality to the USB connection without giving a warning to the user. Successful exploitation cou ...

oval:org.secpod.oval:def:5629
The host is installed with Microsoft .NET Framework 4 and is prone buffer allocation vulnerability. A flaw is present in the application, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attackers to install programs, view, ch ...

oval:org.secpod.oval:def:5630
The host is installed with Microsoft .NET Framework 4 and is prone index comparison vulnerability. A flaw is present in the applications, which fails to handle WPF APIs. Successful exploitation could allow remote attackers to execute code or to elevate their user rights in any fashion.

oval:org.secpod.oval:def:6341
The host is missing a critical security update according to microsoft security bulletin, MS12-044. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle a deleted object. Successful exploitation could al ...

oval:org.secpod.oval:def:6340
The host is installed with Microsoft Internet Explorer 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6339
The host is installed with Microsoft Internet Explorer 9 and is prone to a cached object remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:7905
The host is installed with Microsoft Internet Explorer 9 and is prone to use after free vulnerability. A flaw is present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:7903
The host is missing a critical security update according to Microsoft security bulletin, MS12-071. The update is required to fix use after free vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation allows an attac ...

oval:org.secpod.oval:def:7904
The host is installed with Microsoft Internet Explorer 9 and is prone to use after free vulnerability. A flaw is present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:6026
The host is installed with Microsoft .Net framework 2.0 Sp2 or 3.5.1 or 4.0 or 4.5 Beta and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take complete control of ...

oval:org.secpod.oval:def:6024
The host is missing a critical security update according to Microsoft bulletin, MS12-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take comp ...

oval:org.secpod.oval:def:6045
The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:7925
The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to Code access security info disclosure vulnerability. A flaw is present in the applications, which does not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ...

oval:org.secpod.oval:def:7909
The host is installed with Microsoft Internet Information Services 7.0 or 7.5 and is prone to command injection vulnerability. A flaw is present in Internet Information Services (IIS), which fails to properly handle specially crafted FTP commands. Successful exploitation could allow information disc ...

oval:org.secpod.oval:def:7907
The host is missing a critical security update according to Microsoft security bulletin, MS12-073. The update is required to fix multiple vulnerabilities. The flaws are present in Internet Information Services (IIS), which fails to properly handle specially crafted FTP commands. Successful exploitat ...

oval:org.secpod.oval:def:7908
The host is installed with Microsoft Internet Information Services 7.5 and is prone to password disclosure vulnerability. A flaw is present in Internet Information Services (IIS), which fails to properly protect log files. Successful exploitation could allow information disclosure.

oval:org.secpod.oval:def:7906
The host is installed with Microsoft Internet Explorer 9 and is prone to use after free vulnerability. A flaw is present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:9292
The host is installed with Internet Explorer 8 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9288
The host is installed with Internet Explorer 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9289
The host is installed with Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9293
The host is installed with Internet Explorer 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9716
The host is installed with Internet Explorer 8 and is prone to a CElement use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9719
The host is installed with Internet Explorer 8 and is prone to a CTreeNode use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10777
The host is missing an important security update according to Microsoft security bulletin, MS13-029. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the specially crafted webpage. ...

oval:org.secpod.oval:def:10778
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Server 2008 R2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted webpage. Successful exploitation coul ...

oval:org.secpod.oval:def:10951
The host is installed with Microsoft Internet Explorer 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9243
The host is installed with Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote attackers to execute a ...

oval:org.secpod.oval:def:10947
The host is installed with .NET Framework 4.5 and is prone to authentication bypass vulnerability. A flaw is present in the application, which fails to create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over ...

oval:org.secpod.oval:def:10967
The host is installed with Microsoft Windows 7 SP1 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted application that leverages improper handling of objects in memory. Successful exploitation could allow attackers to gain privilege ...

oval:org.secpod.oval:def:10941
The host is installed with Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation could allow attackers to execute arbi ...

oval:org.secpod.oval:def:14181
The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14182
The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14186
The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14184
The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14189
The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14188
The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:11705
The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:25225
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:25233
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.mitre.oval:def:7186
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS ...

oval:org.secpod.oval:def:947
The host is installed with Mozilla Thunderbird or SeaMonkey and is prone to denial of service vulnerability. A flaw is present in the nsAuthSSPI::Unwrap function, which fails to handle malicious data during SSPI authentication session. Successful exploitation could allow remote attackers to execute ...

oval:org.secpod.oval:def:1585
The host is missing a critical security update according to Microsoft security bulletin, MS10-021. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to validate specially crafted applications like the creation of symbolic links o ...

oval:org.secpod.oval:def:1584
The host is missing a critical security update according to Microsoft security bulletin, MS10-020. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows SMB Client, which fails to handle a specially crafted SMB response sent to a client-initiated SMB r ...

oval:org.mitre.oval:def:7129
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers t ...

oval:org.mitre.oval:def:7164
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMB ...

oval:org.mitre.oval:def:6918
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response t ...

oval:org.mitre.oval:def:7176
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."

oval:org.mitre.oval:def:6770
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Pa ...

oval:org.mitre.oval:def:6859
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the respon ...

oval:org.secpod.oval:def:2048
The host is missing a critical security update according to Microsoft security bulletin, MS10-019. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows cabinet file viewer shell extension and authenticode signature verification used for portable execu ...

oval:org.mitre.oval:def:6787
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a fi ...

oval:org.mitre.oval:def:6886
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does no ...

oval:org.mitre.oval:def:11020
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of serv ...

oval:org.mitre.oval:def:11845
The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerabil ...

oval:org.mitre.oval:def:11789
The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."

oval:org.secpod.oval:def:1268
The host is missing a critical security update according to Microsoft security bulletin, MS10-047. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to initialize and validate kernel objects while handling certain errors. Success ...

oval:org.mitre.oval:def:12087
Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."

oval:org.secpod.oval:def:1724
The host is missing a critical security update according to Microsoft security bulletin, MS10-058. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the TCP/IP stack in Microsoft Windows, which fails to handle malformed IPv6 packets. Successful exploitation could ...

oval:org.secpod.oval:def:1375
The host is missing a critical security update according to Microsoft security bulletin, MS10-048. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel-Mode Drivers, which fails to validate specially crafted applications. Successful exploitatio ...

oval:org.mitre.oval:def:11663
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local ...

oval:org.mitre.oval:def:11106
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB ...

oval:org.secpod.oval:def:1520
The host is missing a critical security update according to Microsoft security bulletin, MS10-073. The update is required to fix privilege escalation vulnerability. A flaw is present in the Win32k.sys in Kernel-Mode drivers in the Microsoft Windows, which fails to load keyboard layouts from disk or ...

oval:org.secpod.oval:def:1575
The host is missing a critical security update according to Microsoft security bulletin, MS10-054. The update is required to fix code execution vulnerabilities. Multiple flaws are present in the SMB Server in Microsoft Windows, which fails to validate fields in a SMB request. Successful exploitation ...

oval:org.secpod.oval:def:1587
The host is missing a critical security update according to Microsoft security bulletin, MS10-055. The update is required to fix code execution vulnerability. A flaw is present in the Cinepak Codec in Microsoft Windows, which fails to handle a specially crafted media file or streaming content from a ...

oval:org.mitre.oval:def:11773
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

oval:org.mitre.oval:def:12072
Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."

oval:org.mitre.oval:def:12015
The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB ...

oval:org.secpod.oval:def:1456
The host is missing a critical security update according to Microsoft security bulletin, MS10-081. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the common control library (Comctl32.dll) in Microsoft Windows, which fails to handle messages passed from a ...

oval:org.mitre.oval:def:7514
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka ...

oval:org.mitre.oval:def:7272
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitra ...

oval:org.mitre.oval:def:12085
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowL ...

oval:org.mitre.oval:def:12352
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ...

oval:org.secpod.oval:def:1272
The host is missing a critical security update according to Microsoft security bulletin, MS10-096. The update is required to fix remote code execution vulnerability. A flaw is present in the wab.exe in Windows Address Book, which fails to load dynamic-link libraries. Successful exploitation could al ...

oval:org.mitre.oval:def:6684
Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."

oval:org.mitre.oval:def:6696
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allo ...

oval:org.mitre.oval:def:6806
The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of servi ...

oval:org.secpod.oval:def:1376
The host is missing a critical security update according to Microsoft security bulletin, MS10-085. The update is required to fix denial of service vulnerability. A flaw is present in the SChannel security package in Microsoft Windows, which fails to validate a specially crafted packet message sent v ...

oval:org.secpod.oval:def:1388
The host is missing a critical security update according to Microsoft security bulletin, MS10-074. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the 'UpdateFrameTitleForDocument' method in the CFrameWnd class in 'mfc42.dll' in the Microsoft Foundation ...

oval:org.secpod.oval:def:1389
The host is missing a critical security update according to Microsoft security bulletin, MS10-075. The update is required to fix use-after-free vulnerability. A flaw is present in the wmpnetwk.exe in Media Player Network Sharing Service, which fails to handle specially crafted RTSP packets. Successf ...

oval:org.mitre.oval:def:11959
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnera ...

oval:org.mitre.oval:def:12252
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies fr ...

oval:org.mitre.oval:def:12194
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Do ...

oval:org.mitre.oval:def:11762
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted a ...

oval:org.secpod.oval:def:1270
The host is missing a critical security update according to Microsoft security bulletin, MS10-098. The update is required to fix multiple vulnerabilities. Flaws are present in the Win32k.sys in the kernel-mode drivers, which fails to allocate memory when copying data from user mode. Successful explo ...

oval:org.mitre.oval:def:12317
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that trigge ...

oval:org.mitre.oval:def:12357
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTyp ...

oval:org.mitre.oval:def:12280
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."

oval:org.mitre.oval:def:12329
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free ...

oval:org.secpod.oval:def:1351
The host is missing a critical security update according to Microsoft security bulletin, MS10-091. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the OpenType Font (OTF) driver, which fails to parse specially crafted OpenType fonts. Successful exploitation coul ...

oval:org.secpod.oval:def:90
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Microsoft Windows, which fails to handle proper interaction of drivers with the Windo ...

oval:org.secpod.oval:def:1036
The host is missing an Important security update according to Microsoft security bulletin, MS11-011. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the Microsoft Window ...

oval:org.secpod.oval:def:88
The host is installed with scripting engines and is prone to information disclosure vulnerability. A flaw is present in JScript 5.8 and VBScript 5.8 scripting engines, which fails to properly load decoded scripts obtained from web pages. Successful exploitation could allow remote attackers to redire ...

oval:org.secpod.oval:def:1034
The host is missing an Important security update according to Microsoft security bulletin, MS11-009. The update is required to fix information disclosure vulnerability in JScript and VBScript scripting engines. A flaw is present in the JScript and VBScript scripting engines, which fails to properly ...

oval:org.secpod.oval:def:85
The host is installed with OpenType Compact Font Format (CFF) driver and is prone to remote code execution vulnerability. A flaw is present in the driver which fails to properly parse specially crafted OpenType fonts. Successful exploitation allows an attacker to run arbitrary code in kernel mode an ...

oval:org.secpod.oval:def:1032
The host is missing a Critical security update according to Microsoft security bulletin, MS11-007. The update is required to fix remote code execution vulnerability in Windows OpenType Compact Font Format (CFF) driver. A flaw is present in the the driver which fails to properly parse specially craft ...

oval:org.secpod.oval:def:101
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:100
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:99
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:97
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:1037
The host is missing an Important security update according to Microsoft security bulletin, MS11-012. The update is required to fix elevation of privilege vulnerability in Microsoft Windows. A flaw is present in the windows kernel-mode drivers which fails to validate data passed from user mode to ker ...

oval:org.secpod.oval:def:1040
The host is missing a Critical security update according to Microsoft security bulletin, MS11-019. The update is required to fix remote code execution vulnerability in Microsoft Windows. The flaws are present in the SMB Client Could which fails to handle specially crafted SMB response to a client-in ...

oval:org.secpod.oval:def:664
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in windows SMB client which fails to validate specially crafted SMB responses. Successful exploitation could allow an attacker to gain complete control of the system.

oval:org.secpod.oval:def:1169
The host is installed with Microsoft Windows XP SP3, Microsoft Windows Server 2003 XP2, Windows Server 2008 SP1 or SP2 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:5627
The host is installed with Microsoft Office, Windows, .NET Framework, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install ...

oval:org.secpod.oval:def:5628
The host is installed with Microsoft Office, Windows, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fails to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install programs, view, ...

oval:org.secpod.oval:def:6345
The host is missing an important security update according to Microsoft security bulletin, MS12-048. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to handle a file or directory with a specially crafted name. Successful exploita ...

oval:org.secpod.oval:def:6346
The host is installed with Microsoft Windows and is prone to command injection vulnerability. A flaw is present in the windows shell, which fails to handle file and directory names. Successful exploitation allows remote attackers to install programs, view, change or delete data or create new account ...

oval:org.secpod.oval:def:5583
The host is missing an important security update according to Microsoft security bulletin, MS12-032. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to gain pr ...

oval:org.secpod.oval:def:5581
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, or Windows 7 or SP1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly enforce firewall rules for outbound broadcast packets. Successful ...

oval:org.secpod.oval:def:6028
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, which fails to properly process RDP packets in memory. Successful e ...

oval:org.secpod.oval:def:6027
The host is missing a critical security update according to MS12-036. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted RDP packets. Successful exploitation allows remote attackers to take complete control ...

oval:org.secpod.oval:def:5582
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 R2 or R2 SP1, Windows 7 Gold or SP1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a crafted application that binds an IPv6 address to a local inter ...

oval:org.secpod.oval:def:5624
The host is missing an important security update according to Microsoft security bulletin, MS12-034. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Office, Windows, .NET Framework, and Silverlight, which fail to handle a specially crafted document or a ...

oval:org.secpod.oval:def:5634
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:5635
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:5471
The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 on Windows Vista and Windows 7 systems and is prone to memory corruption vulnerability. A flaw is present in the appl ...

oval:org.secpod.oval:def:5470
The host is missing a critical security update according to Mozilla advisory, MFSA2012-25. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly restrict font-rendering attempts. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:6036
The host is installed with Internet Explorer 6 through 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6052
The host is missing a critical security update according to Microsoft security bulletin, MS12-037. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails sanitize malicious input. Successful exploitation could allow attackers to execute arbitrar ...

oval:org.secpod.oval:def:6993
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an onmove use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to an object that was not properly initialized or is deleted. Successful exploitat ...

oval:org.secpod.oval:def:7920
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, windows 8, or windows server 2012 and is prone to integer underflow vulnerability. A flaw is present in the application, which fails to pro ...

oval:org.secpod.oval:def:7921
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted bri ...

oval:org.secpod.oval:def:7922
The host is missing a critical security update according to Microsoft Security Bulletin, MS12-072. The update is required to fix integer overflow and underflow vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted briefcase. Successful exploita ...

oval:org.secpod.oval:def:8180
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, Windows 8 or Windows Server 2012 and is prone to remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails ...

oval:org.secpod.oval:def:8181
The host is missing an important security update according to Microsoft bulletin, MS12-082. The update is required to fix remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails to properly handle specially crafted office documents. Successful exploitation allows at ...

oval:org.secpod.oval:def:6687
The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ...

oval:org.secpod.oval:def:5636
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:6037
The host is installed with Internet Explorer 8 and 9 or Microsoft Communicator 2007 R2 or Lync 2010 or Lync 2010 Attendee Microsoft InfoPath 2007 or 2010, Microsoft SharePoint Server 2007 or 2010, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Services 3.0 or Microsoft Groove Server 2010 ...

oval:org.secpod.oval:def:6354
The host is missing an important security update according to Microsoft bulletin, MS12-049. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operatio ...

oval:org.secpod.oval:def:6353
The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers to decryp ...

oval:org.secpod.oval:def:6029
The host is missing an important security update according to Microsoft bulletin, MS12-041. The update is required to fix elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate input passed from user mode. Successful exploitation allows att ...

oval:org.secpod.oval:def:6034
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ...

oval:org.secpod.oval:def:6033
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ...

oval:org.secpod.oval:def:6032
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ...

oval:org.secpod.oval:def:6031
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle TrueType font loading. Successful exploitation ...

oval:org.secpod.oval:def:6044
The host is installed with Internet Explorer 8 and 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6043
The host is installed with Internet Explorer 7 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly create and initialize string data. Successful exploitation could allow attackers to obtain sensitive information from process ...

oval:org.secpod.oval:def:6042
The host is installed with Internet Explorer 6 through 9 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted character sequences with EUC-JP encoding. Successful exploitation could allow attackers to inject arbitrary web script or ...

oval:org.secpod.oval:def:6035
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6048
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6047
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6046
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6049
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6051
The host is installed with Internet Explorer 6 through 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to block cross-domain scrolling events. Successful exploitation could allow attackers to read content from a different domain or zone.

oval:org.secpod.oval:def:6050
The host is installed with Internet Explorer 8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6200
The host is installed with Microsoft XML Core Services 3.0, 4.0, 5.0 or 6.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial o ...

oval:org.secpod.oval:def:6344
The host is missing an important security update according to Microsoft security bulletin, MS12-047. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate parameters when creating a hook procedure. Su ...

oval:org.secpod.oval:def:6343
The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate parameters ...

oval:org.secpod.oval:def:6342
The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle specific keyboard layo ...

oval:org.secpod.oval:def:6349
The host is installed with Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitiali ...

oval:org.secpod.oval:def:6350
The host is missing a critical security update according to Microsoft security bulletin, MS12-045. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitialized object in me ...

oval:org.secpod.oval:def:6199
The host is missing a critical security update according to Microsoft security bulletin, MS12-043. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle a specially crafted webpage. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:7924
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ...

oval:org.secpod.oval:def:7926
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ...

oval:org.secpod.oval:def:6686
The host is missing an important security update according to Microsoft security bulletin, MS12-055. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to handle objects in memory properly. Successful exploitation coul ...

oval:org.secpod.oval:def:6685
The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory prop ...

oval:org.secpod.oval:def:6709
The host is installed with Internet Explorer 6 through 9 and is prone to an asynchronous null object access remote code execution vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:6712
The host is missing a critical security update, according to Microsoft security bulletin MS12-052. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:6711
The host is installed with Internet Explorer 6 through 9 and is prone to a virtual function table corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:7311
The host is installed with Microsoft Windows XP, server 2003, server 2008, server 2008 R2, Vista or Windows 7 and is prone to integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitation al ...

oval:org.secpod.oval:def:7312
The host is missing an important security update according to Microsoft security bulletin, MS12-068. The update is required to fix integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitati ...

oval:org.secpod.oval:def:7931
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 or Windows 7 and is prone to privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to properly handle the objects in memory. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:6994
The host is installed with Microsoft Internet Explorer 9 and is prone to an event listener use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6995
The host is installed with Microsoft Internet Explorer 9 and is prone to an layout use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:7930
The host is missing a critical security update according to Microsoft security bulletin, MS12-075. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the webpage that embeds TrueType font files. Successful exploitat ...

oval:org.secpod.oval:def:8191
The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted OpenType font file. Success ...

oval:org.secpod.oval:def:7310
The host is installed with Windows 7 or Windows Server 2008 R2 x64 and is prone to denial of service vulnerability. A flaw is present in the windows kerberos server, which fails to handle a specially crafted session. Successful exploitation could allow an attacker to cause the system to stop respond ...

oval:org.secpod.oval:def:7309
The host is missing an important security update according to Microsoft security bulletin, MS12-069. The update is required to fix a denial of service vulnerability. A flaw is present in the windows kerberos server, which fails to handle a specially crafted session. Successful exploitation could all ...

oval:org.secpod.oval:def:6996
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to an cloneNode use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to exec ...

oval:org.secpod.oval:def:7077
The host is installed with Google Chrome before 22.0.1229.79 in Microsoft Windows 7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code or cause a denia ...

oval:org.secpod.oval:def:6769
The host is installed with Wireshark 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:6781
The host is installed with Wireshark 1.8.x before 1.8.2 and is prone to an integer signedness error vulnerability. A flaw is present in the application, which fails to handle the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser. Successful exploitation allows u ...

oval:org.secpod.oval:def:8182
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:8183
The host is missing a critical security update according to Microsoft security bulletin, MS12-081. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:7927
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ...

oval:org.secpod.oval:def:7928
The host is installed with Microsoft .NET Framework 4 or 4.5 and is prone to WPF reflection optimization vulnerability. A flaw is present in the applications, which fails to properly validate permissions of objects involved with reflection. Successful exploitation allows attackers to take complete c ...

oval:org.secpod.oval:def:7929
Th host is missing a critical security update according to Microsoft Security Bulletin, MS12-074. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and properly perform validations. Successful exploitation allows a ...

oval:org.secpod.oval:def:8190
The host is missing a critical security update according to Microsoft security bulletin, MS12-078. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the objects in memory. Successful exploitation could allow remote ...

oval:org.secpod.oval:def:8192
The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted TrueType font file. Success ...

oval:org.secpod.oval:def:8197
The host is missing a critical security update according to Microsoft security bulletin MS12-077. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:8193
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8195
The host is installed with Internet Explorer 9 and is prone to an CMarkup use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8196
The host is installed with Internet Explorer 9 or 10 and is prone to an improper ref counting use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted or improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6992
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6997
The host is missing a critical security update according to Microsoft security bulletin, MS12-063. The update is required to fix multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:8322
The host is installed with Internet Explorer 6, Internet Explorer 7 or Internet Explorer 8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:8321
The host is missing a critical security update according to Microsoft Security Bulletin, MS13-008. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:8337
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 or 4.5 and is prone to WinForms buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a Windows Forms method. Successful exploitation allows remote attackers to install ...

oval:org.secpod.oval:def:8338
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.0 or 4 and is prone to system drawing information disclosure vulnerability. A flaw is present in the application, which fails to properly handle pointers to unmanaged memory locations. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:8341
The host is missing an important security update according to Microsoft security bulletin, MS13-004. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the vectors related to memory. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:8326
The host is missing an Important security update according to Microsoft security bulletin, MS13-001. The update is required to fix remote code execution vulnerability in Microsoft Windows Print Spooler components. A flaw is present in the Windows print server which fails to validate a specially craf ...

oval:org.secpod.oval:def:8325
The host is installed with Windows 7, Windows Server 2008 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Print Spooler components which fails to validate a specially crafted print job. Successful exploitation could allow an attacker to execute arbitrary co ...

oval:org.secpod.oval:def:8339
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to S.DS.P buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle System.DirectoryServices.Protocols (S.DS.P) namespace method. Successful exploitation allows re ...

oval:org.secpod.oval:def:8333
The host is installed with Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitat ...

oval:org.secpod.oval:def:8334
The host is missing an important security update according to MS bulletin, MS13-005 and is prone to an privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitation could allow attackers to take complete co ...

oval:org.secpod.oval:def:8344
The host is missing an important security update according Microsoft bulletin MS13-007. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could allow attackers to crash the servi ...

oval:org.secpod.oval:def:8340
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to double construction vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install programs, v ...

oval:org.secpod.oval:def:8342
The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ...

oval:org.secpod.oval:def:8351
The host is installed with Microsoft XML Core Services 4.0, 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, M ...

oval:org.secpod.oval:def:8335
The host is installed with Microsoft Windows Vista, Windows 7, Windows server 2008, Windows server 208 R2, Windows 8 or Windows server 2012 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. ...

oval:org.secpod.oval:def:8336
The host is missing an impoetant security update according to Microsoft bulletin, MS13-006. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. Successful exploitation allows at ...

oval:org.secpod.oval:def:9290
The host is installed with Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9291
The host is installed with Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9286
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9284
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9285
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9240
The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Succ ...

oval:org.secpod.oval:def:9241
The host is missing an important security update according to Microsoft security bulletin MS13-018. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Successful exploitation could a ...

oval:org.secpod.oval:def:9294
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9295
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9296
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9275
The host is installed with Microsoft Windows 7, SP1, Windows Server 2008 R2 or SP1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows CSRSS improperly handles objects in memory. Successful exploitation allows attackers to run ...

oval:org.secpod.oval:def:9276
The host is missing an important security update according to Microsoft bulletin, MS13-019. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows CSRSS improperly handles objects in memory. Successful exploitatio ...

oval:org.secpod.oval:def:9280
The host is missing an important security update according to Microsoft bulletin, MS13-015. The update is required to fix privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a web browser that can run XAML Browser Applications. Successful exploita ...

oval:org.secpod.oval:def:9281
The host is installed with .NET Framework 2.0 or 3.5 or 3.5.1 or 4.0 or 4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle permissions of a callback function. Successful exploitation allows attackers to take complete control o ...

oval:org.secpod.oval:def:9282
The host is missing a critical security update according to Microsoft security bulletin, MS13-010. The update is required to fix remote code execution vulnerability. A flaw is present in the microsoft implementation of Vector Markup Language, which fails to handle a specially crafted webpage. Succes ...

oval:org.secpod.oval:def:9283
The host is installed with Internet Explorer 6 or 7 or 8 or 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow an attacker to gain the same user rights as the current us ...

oval:org.secpod.oval:def:9712
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9713
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9715
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9714
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9711
The host is missing a critical security update according to Microsoft bulletin, MS13-012 and is prone to multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9717
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9718
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9720
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10949
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:9250
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9251
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9246
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9247
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9248
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9249
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9244
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ...

oval:org.secpod.oval:def:9245
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ...

oval:org.secpod.oval:def:9274
The host is missing an important security update according to Microsoft bulletin, MS13-016. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel-mode driver improperly handles objects in memor ...

oval:org.secpod.oval:def:9257
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9258
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9259
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9253
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9254
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9255
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9256
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9252
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9260
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9268
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9269
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9264
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9265
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9266
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9267
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9261
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9262
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9263
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9239
The host is missing an important security update according to Microsoft bulletin, MS13-017. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successfu ...

oval:org.secpod.oval:def:9236
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9237
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9238
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9270
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9271
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9272
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9273
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles object ...

oval:org.secpod.oval:def:9739
The host is missing an important security update according to MS bulletin, MS13-027 and is prone to an privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to properly handle objects in memory. Successful exploitation could allow attackers to run arbitrary co ...

oval:org.secpod.oval:def:9742
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ...

oval:org.secpod.oval:def:9741
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ...

oval:org.secpod.oval:def:9740
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ...

oval:org.secpod.oval:def:10733
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attack ...

oval:org.secpod.oval:def:10734
The host is missing an important security update according to Microsoft security bulletin, MS13-036. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors related to memory and crafted files. Successful exploitation al ...

oval:org.secpod.oval:def:10740
The host is missing an important security update according to Microsoft security bulletin MS13-031. The update is required to fix multiple race condition vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow a ...

oval:org.secpod.oval:def:10738
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle objec ...

oval:org.secpod.oval:def:10736
The host is installed with Microsoft Windows Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain eleva ...

oval:org.secpod.oval:def:10737
The host is installed with Microsoft Windows Server 2008, R2, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain elevated privileges and read ...

oval:org.secpod.oval:def:10950
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ...

oval:org.secpod.oval:def:10741
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10742
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10743
The host is missing a critical security update according to Microsoft Security bulletin MS13-028. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Succes ...

oval:org.secpod.oval:def:10948
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10952
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10953
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10956
The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:10966
The host is installed with Microsoft Windows Vista, Windows Server 2008 or R2 , Windows 7 SP1, Windows 8, Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could al ...

oval:org.secpod.oval:def:14200
The host is installed with Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the Windows Print Spooler components which fails to validate a specially crafted print job. Successfu ...

oval:org.secpod.oval:def:10847
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ...

oval:org.secpod.oval:def:10946
The host is installed with .NET Framework 2.0, 3.5, 3.5.1, 4.0 or 4.5 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to check signatures in XML file. Successful exploitation allows attackers to make undetected changes to signed XML documents via unspecified ...

oval:org.secpod.oval:def:10968
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, Windows 7, Windows 8, Windows Server 2012 and is prone to a windows handle vulnerability. A flaw is present in the application which fails to properly handle deleted objects in memory. Succe ...

oval:org.secpod.oval:def:10957
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:14178
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14176
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14177
The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14175
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14179
The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14180
The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14185
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14183
The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14190
The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a script while debugging a webpage. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14187
The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14192
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14193
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14191
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14197
The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a TCP/IP integer overflow vulnerability. A flaw is present in the application, which fails to properly handle packets during TCP connection. S ...

oval:org.secpod.oval:def:6688
The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to format string vulnerability. A flaw is present in the application, which fails to handle a specially crafted response. Successful exploitation allows attackers to take comple ...

oval:org.secpod.oval:def:6691
The host is missing a critical security update according to Microsoft security bulletin, MS12-054. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ...

oval:org.secpod.oval:def:9297
The host is missing a critical security update according to Microsoft security bulletin, MS13-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:9287
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:25234
The host is missing a security update according to Apple advisory, APPLE-SA-2015-06-30-5. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termina ...

oval:org.secpod.oval:def:25226
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:25227
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:25228
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:25229
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:25230
The host is installed with Apple QuickTime before 7.7.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation may lead to an unexpected application termination or arbitrary code execution.

oval:org.secpod.oval:def:39356
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could run processes in an elevated context. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte ...

oval:org.secpod.oval:def:39358
The host is missing an important security update according to Microsoft security bulletin, MS17-017. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to escalate ...

oval:org.secpod.oval:def:40431
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:40507
The host is missing security updates for KB4018885.

oval:org.secpod.oval:def:39840
A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ...

oval:gov.nist.usgcb.windowsseven:def:266
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:org.secpod.oval:def:14592
This entry appears as MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) in the SCE. By default, when Windows networking is active on a server, Windows will create hidden administrative shares. Vulnerability: Because these built-in administrativ ...

oval:org.secpod.oval:def:14575
This entry appears as MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) in the SCE. This entry, when enabled, permits a server to automatically reboot after a fatal crash. It is enabled by default, which is undesirable o ...

oval:org.secpod.oval:def:7711
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:gov.nist.usgcb.windowsseven:def:236
Specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This setting affects the client side of Internet printing only. It does not prevent this machine from acting as an Internet Printin ...

oval:gov.nist.usgcb.windowsseven:def:192
This policy setting allows you to audit events generated by changes to the authentication policy such as the following: Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Confi ...

oval:gov.nist.usgcb.windowsseven:def:191
This policy setting allows you to audit changes in the security audit policy settings such as the following: Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security eve ...

oval:gov.nist.usgcb.windowsseven:def:189
This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request matc ...

oval:org.secpod.oval:def:14552
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's e-mail server ...

oval:org.secpod.oval:def:14553
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. Configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections will be rejected by the server. If you disable o ...

oval:org.secpod.oval:def:14551
This policy setting controls Event Log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, ...

oval:org.secpod.oval:def:14580
Windows Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC. If you enable this setting, all features in the Windows Explorer that allow you to use your CD writer are removed. If you disable or do not configure this setting, users are able to use t ...

oval:gov.nist.usgcb.windowsseven:def:18
This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone. This user right is def ...

oval:gov.nist.usgcb.windowsseven:def:16
This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. This user right is defined in the Default Domain Co ...

oval:org.secpod.oval:def:14630
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14633
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14634
This policy setting determines which users or groups can launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this setting to grant access to all the computers to users of DCOM applications. W ...

oval:org.secpod.oval:def:14631
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14632
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:gov.nist.usgcb.windowsseven:def:20011
This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client computer when it establishes a session using the server message block (SMB) protocol. The server message block (SM ...

oval:org.secpod.oval:def:14626
This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLock ...

oval:org.secpod.oval:def:14627
This security setting determines whether the OS audits any of the following events: * Attempted system time change * Attempted security system startup or shutdown * Attempt to load extensible authentication components * Loss of audited events due to auditing system failure * Security log size exce ...

oval:gov.nist.usgcb.windowsseven:def:20013
Hiding the computer from the Browse List removes one method attackers might use to gether information about computers on the network. You can configure a computer so that it does not send announcements to browsers on the domain. If you do, you hide the computer from the Network Browser list; it doe ...

oval:org.secpod.oval:def:14624
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. This policy setting is applied when you turn on BitLocker. Note: This policy is only appl ...

oval:org.secpod.oval:def:14625
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the Bit ...

oval:org.secpod.oval:def:14628
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14629
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14640
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. This policy setting is applied when you turn on BitLocker. Note: This policy is only appl ...

oval:org.secpod.oval:def:14641
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14637
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ...

oval:org.secpod.oval:def:14638
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For ...

oval:org.secpod.oval:def:14635
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14636
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14639
This policy setting determines whether the account name of the last user to log on to the client computers in your organization can display in each computers respective Windows logon screen. If you enable this policy setting, intruders cannot collect account names visually from the screens of deskt ...

oval:org.secpod.oval:def:14622
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14623
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additi ...

oval:org.secpod.oval:def:14620
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14621
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14619
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14617
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14618
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:gov.nist.usgcb.windowsseven:def:42
This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are ...

oval:gov.nist.usgcb.windowsseven:def:100214
Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes afte ...

oval:gov.nist.usgcb.windowsseven:def:53
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password co ...

oval:gov.nist.usgcb.windowsseven:def:21
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other user ...

oval:gov.nist.usgcb.windowsseven:def:23
This privilege determines if the user can create a symbolic link from the computer he is logged on to. Default: Administrator WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. ...

oval:gov.nist.usgcb.windowsseven:def:32
Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a serv ...

oval:gov.nist.usgcb.windowsseven:def:100205
Ignores customized run-once lists. You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts. If you enable ...

oval:gov.nist.usgcb.windowsseven:def:73
All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a mess ...

oval:org.secpod.oval:def:7713
The Screen Saver timeout setting should be configured correctly.

oval:gov.nist.usgcb.windowsseven:def:238
Specifies whether Search Companion should automatically download content updates during local and Internet searches. When the user searches the local machine or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used ...

oval:gov.nist.usgcb.windowsseven:def:271
By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting does not affect other network sharing features. If you disable or do not configure this policy s ...

oval:gov.nist.usgcb.windowsseven:def:272
Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Conne ...

oval:gov.nist.usgcb.windowsseven:def:275
Specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. By default, ...

oval:gov.nist.usgcb.windowsseven:def:252
Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to authenticate as long as the RPC call for which the endpoint needs to be resolved has authentication information. Disabling this setting will cause RPC Clients that need to communicate with the End ...

oval:gov.nist.usgcb.windowsseven:def:268
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:127
Internet Control Message Protocol (ICMP) redirects cause the stack to plumb host routes. These routes override the Open Shortest Path First (OSPF)-generated routes, attackers can use source routed packets to conceal the address of their computer. HKLM\System\CurrentControlSet\Services\Tcpip\Paramete ...

oval:gov.nist.usgcb.windowsseven:def:132
Network basic input/output system (NetBIOS) over TCP/IP is a networking protocol that, among other things, provides a means of easily resolving NetBIOS names registered on Windows- based systems to the IP addresses configured on those systems. This value determines whether the computer releases its ...

oval:org.secpod.oval:def:14563
This policy setting controls Event Log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, ...

oval:org.secpod.oval:def:14562
Removes the Security tab from Windows Explorer. If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the securi ...

oval:org.secpod.oval:def:14565
Specifies how much user idle time must elapse before the screen saver is launched. When configured, this idle time can be set from a minimum of 1 second to a maximum of 599,940 seconds, or 24 hours. If set to zero, the screen saver will not be started. This setting has no effect under any of the f ...

oval:org.secpod.oval:def:14566
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (i.e. restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information W ...

oval:org.secpod.oval:def:14558
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials. Note: This policy affects nonlogon authentication tasks only. As a security best practice, ...

oval:org.secpod.oval:def:14559
This policy specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. If you enable this setting, Windows Update will not be searched when a new device is installed. If you disable this setting, Windows Update will always be searched for d ...

oval:gov.nist.usgcb.windowsseven:def:17
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time ...

oval:gov.nist.usgcb.windowsseven:def:20012
Allowing source routed network traffic allows attackers to obscure their identity and location. IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network. Vulnerability: Source routing allows a computer that sends a pack ...

oval:org.secpod.oval:def:14644
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14645
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14642
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier ...

oval:gov.nist.usgcb.windowsseven:def:20016
Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback (2 ...

oval:org.secpod.oval:def:14643
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14674
This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. Fix: (1) GPO: Computer Configuration\Windo ...

oval:org.secpod.oval:def:14677
This policy setting allows you to create an exception list of servers in this domain to which clients are allowed to use NTLM pass-through authentication if the "Network Security: Restrict NTLM: Deny NTLM authentication in this domain" is set. If you configure this policy setting, you can ...

oval:org.secpod.oval:def:14678
This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or unde ...

oval:org.secpod.oval:def:14675
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled. If you ...

oval:org.secpod.oval:def:14676
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14670
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14669
This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful ...

oval:org.secpod.oval:def:14651
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting t ...

oval:org.secpod.oval:def:14652
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. If you enable this policy setti ...

oval:org.secpod.oval:def:14650
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For ...

oval:org.secpod.oval:def:14655
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-on ...

oval:org.secpod.oval:def:14656
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ...

oval:org.secpod.oval:def:14653
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14654
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14648
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14649
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14646
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14647
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ...

oval:org.secpod.oval:def:14662
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14663
This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker. If you enable this poli ...

oval:org.secpod.oval:def:14660
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14661
Windows Server operating systems support 8.3 file name formats for backward compatibility with16-bit applications. The 8.3 file name convention is a naming format that allows file names up to eight characters long. The registry value entry NtfsDisable8dot3NameCreation was added to the template file ...

oval:org.secpod.oval:def:14666
This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking ...

oval:org.secpod.oval:def:14667
Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate. Fix: (1) GPO: Computer Confi ...

oval:org.secpod.oval:def:14664
This policy setting allows you to audit events generated by changes to application groups such as the following: Application group is created, changed, or deleted. Member is added or removed from an application group. If you configure this policy setting, an audit event is generated when an ...

oval:org.secpod.oval:def:14659
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14657
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14658
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:gov.nist.USGCB.win7firewall:def:20925
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ...

oval:gov.nist.USGCB.win7firewall:def:20919
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Adva ...

oval:gov.nist.usgcb.windowsseven:def:46
This security setting determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so that one service can start another. An example of a process that uses this user right is Task Scheduler. For information about Task Scheduler, see Task Scheduler overvie ...

oval:gov.nist.usgcb.windowsseven:def:56
This security setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy is in effect. Enabling this option when the Audit privilege use policy is also enabled generates an audit event for every file that is backed up or rest ...

oval:gov.nist.usgcb.windowsseven:def:51
This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ...

oval:gov.nist.usgcb.windowsseven:def:24
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user ri ...

oval:gov.nist.usgcb.windowsseven:def:82
This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. The server message block (SMB) protocol provides the ba ...

oval:gov.nist.usgcb.windowsseven:def:88
Network access: Do not allow storage of credentials or .NET Passports for network authentication This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication. If you enable this setting, Credential Manager does not st ...

oval:gov.nist.usgcb.windowsseven:def:72
This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. The logon banner should be titled with a warning label containing the name of the owning organiz ...

oval:gov.nist.usgcb.windowsseven:def:75
Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, ...

oval:gov.nist.usgcb.windowsseven:def:4
This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused ...

oval:gov.nist.usgcb.windowsseven:def:106
This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not de ...

oval:gov.nist.usgcb.windowsseven:def:113
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: * Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the opera ...

oval:gov.nist.usgcb.windowsseven:def:115
This policy setting controls the behavior of the elevation prompt for standard users. The options are: * Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the oper ...

oval:gov.nist.usgcb.windowsseven:def:121
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Th ...

oval:gov.nist.usgcb.windowsseven:def:102
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send LM & ...

oval:gov.nist.usgcb.windowsseven:def:136
Setting Added to Registry to Make Screensaver Password Protection Immediate The default grace period allowed for user movement before the screen - saver lock takes effect is five seconds. Leaving the grace period in the default setting makes your computer vulnerable to a potential attack from someon ...

oval:gov.nist.usgcb.windowsseven:def:174
This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. If you configure this policy setting, ...

oval:gov.nist.usgcb.windowsseven:def:12
This privilege determines who can change the maximum memory that can be consumed by a process. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Note: This privilege is useful for system tuning, but i ...

oval:gov.nist.usgcb.windowsseven:def:14
This security setting determines which users or groups have permission to log on as a Remote Desktop Services client. Default: On workstation and servers: Administrators, Remote Desktop Users. On domain controllers: Administrators. Important This setting does not have any effect on Windows 2000 ...

oval:gov.nist.usgcb.windowsseven:def:20015
This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication request ...

oval:org.secpod.oval:def:14684
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker pro ...

oval:org.secpod.oval:def:14685
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14682
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting t ...

oval:org.secpod.oval:def:14683
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14688
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14689
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14687
This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured. If you configure this policy setting, you c ...

oval:org.secpod.oval:def:14680
This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record ...

oval:org.secpod.oval:def:14681
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14679
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting t ...

oval:gov.nist.USGCB.win7firewall:def:20935
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Securi ...

oval:org.secpod.oval:def:14695
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14696
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For ...

oval:org.secpod.oval:def:14693
This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. Ifyou configure this policy setting, an audit event is generated for each IAS and NAP user acce ...

oval:org.secpod.oval:def:14694
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14699
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14697
This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy ...

oval:org.secpod.oval:def:14698
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker. If you en ...

oval:org.secpod.oval:def:14691
This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker. The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify whic ...

oval:org.secpod.oval:def:14692
This security setting determines whether to audit each instance of a user exercising a user right. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit this type of event at all. Success audits generate an audit entry when the exercise of a use ...

oval:org.secpod.oval:def:14690
This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy ...

oval:gov.nist.USGCB.win7firewall:def:20911
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.usgcb.windowsseven:def:47
This security setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is sim ...

oval:gov.nist.usgcb.windowsseven:def:48
This security setting determines which users who are logged on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. Default on Workstations: Administrators, Backup Operators, Users. Default on Servers: ...

oval:gov.nist.usgcb.windowsseven:def:27
This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies. Note: This security setting does not apply to the System, Local Service, or ...

oval:gov.nist.usgcb.windowsseven:def:33
This privilege determines which user accounts can increase or decrease the size of a process's working set. Default: Users The working set of a process is the set of memory pages currently visible to the process in physical RAM memory. These pages are resident and available for an applicatio ...

oval:gov.nist.usgcb.windowsseven:def:34
This security setting determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. Defau ...

oval:gov.nist.usgcb.windowsseven:def:35
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution Assigning this user right can be a ...

oval:gov.nist.usgcb.windowsseven:def:81
This security setting determines whether packet signing is required by the SMB server component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent "man-in-the-m ...

oval:gov.nist.usgcb.windowsseven:def:89
This security setting determines what additional permissions are granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrat ...

oval:gov.nist.usgcb.windowsseven:def:91
This security setting determines which registry keys can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications ...

oval:gov.nist.usgcb.windowsseven:def:60
Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of c ...

oval:gov.nist.usgcb.windowsseven:def:67
This setting controls the maximum password age that a machine account may have. This security setting determines how often a domain member will attempt to change its computer account password. Default: 30 days. Important This setting applies to Windows 2000 computers, but it is not available thr ...

oval:gov.nist.usgcb.windowsseven:def:63
This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a ...

oval:gov.nist.usgcb.windowsseven:def:71
This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. Fix: ( ...

oval:gov.nist.usgcb.windowsseven:def:76
This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: * No Action * Lock Workstation * Force Logoff * Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog bo ...

oval:org.secpod.oval:def:14709
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier ...

oval:org.secpod.oval:def:14703
Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate. Fix: (1) GPO: Computer Configuratio ...

oval:org.secpod.oval:def:14704
This subcategory reports when packets are dropped by Windows Filtering Platform (WFP). These events can be very high in volume. Events for this subcategory include: - 5152: The Windows Filtering Platform blocked a packet. - 5153: A more restrictive Windows Filtering Platform filter has blocked a p ...

oval:org.secpod.oval:def:14701
This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction poli ...

oval:org.secpod.oval:def:14702
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier ...

oval:org.secpod.oval:def:14707
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting t ...

oval:org.secpod.oval:def:14708
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For ...

oval:org.secpod.oval:def:14706
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14700
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy sett ...

oval:gov.nist.usgcb.windowsseven:def:2
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:gov.nist.usgcb.windowsseven:def:107
Enabling this security option makes the Recovery Console SET command available, which allows you to set the following Recovery Console environment variables: AllowWildCards: Enable wildcard support for some commands (such as the DEL command). AllowAllPaths: Allow access to all files and folders on ...

oval:gov.nist.usgcb.windowsseven:def:114
This policy setting controls the behavior of the elevation prompt for administrators. The options are: * Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constraine ...

oval:gov.nist.usgcb.windowsseven:def:117
This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local ...

oval:gov.nist.usgcb.windowsseven:def:100
This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in ...

oval:gov.nist.usgcb.windowsseven:def:160
This policy setting allows you to audit events generated by changes to security groups such as the following: Security group is created, changed, or deleted. Member is added or removed from a security group. Group type is changed. If you configure this policy setting, an audit event is ...

oval:gov.nist.usgcb.windowsseven:def:10
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default on workstations and ser ...

oval:gov.nist.usgcb.windowsseven:def:19
This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users. For information about how to ...

oval:gov.nist.usgcb.windowsseven:def:20010
This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In ...

oval:gov.nist.usgcb.windowsseven:def:40
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. Default: Non ...

oval:gov.nist.usgcb.windowsseven:def:54
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Def ...

oval:gov.nist.usgcb.windowsseven:def:55
This security setting determines whether to audit the access of global system objects. If this policy is enabled, it causes system objects, such as mutexes, events, semaphores and DOS devices, to be created with a default system access control list (SACL). Only named objects are given a SACL; SACLs ...

oval:org.secpod.oval:def:14732
This policy setting determines which users or groups can access DCOM application remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to specify access permissions to all the computers to particular users for ...

oval:org.secpod.oval:def:14733
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14730
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14731
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additi ...

oval:gov.nist.usgcb.windowsseven:def:22
This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kerne ...

oval:gov.nist.usgcb.windowsseven:def:20
This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operat ...

oval:org.secpod.oval:def:14726
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems. If this policy sett ...

oval:org.secpod.oval:def:14723
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14724
This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLock ...

oval:gov.nist.usgcb.windowsseven:def:25
This security setting determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. Default: Guest Fix: (1) GPO: Computer Configuration\Windows ...

oval:org.secpod.oval:def:14729
This policy setting allows you to audit events generated when a process ends. If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setti ...

oval:gov.nist.usgcb.windowsseven:def:26
This security setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch job policy setting if a user account is subject to both policies. Default: None. Fix: (1) GPO: Computer Configuration\Windows Settings\Secur ...

oval:org.secpod.oval:def:14727
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additi ...

oval:gov.nist.usgcb.windowsseven:def:28
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important If you apply this security policy to the Everyone group, no one will be able to lo ...

oval:org.secpod.oval:def:14728
This security setting determines whether the OS audits user attempts to access Active Directory objects. Audit is only generated for objects that have system access control lists (SACL) specified, and only if the type of access requested (such as Write, Read, or Modify) and the account making the re ...

oval:gov.nist.usgcb.windowsseven:def:31
This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causi ...

oval:org.secpod.oval:def:14736
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. Note: Only one of the additi ...

oval:org.secpod.oval:def:14734
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14735
This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests. If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits reco ...

oval:gov.nist.usgcb.windowsseven:def:39
This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be ena ...

oval:gov.nist.usgcb.windowsseven:def:87
This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to gr ...

oval:gov.nist.usgcb.windowsseven:def:86
This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an adminis ...

oval:gov.nist.usgcb.windowsseven:def:90
This policy setting determines which communication sessions, or pipes, have attributes and permissions that allow anonymous access. Restricting access over named pipes such as COMNAP and LOCATOR helps prevent unauthorized access to the network. The table in the Vulnerability section lists default na ...

oval:gov.nist.usgcb.windowsseven:def:94
This security setting determines which network shares can accessed by anonymous users. Default: None specified. This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be a ...

oval:gov.nist.usgcb.windowsseven:def:64
This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure cha ...

oval:org.secpod.oval:def:14710
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery ...

oval:org.secpod.oval:def:14711
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker. The "Allow certificate-based data recovery agent" check box is used to ...

oval:org.secpod.oval:def:14721
This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). The following privileges are non-sensitive: Access Credential Manager as a trusted caller. Access this computer from the network. Add workstations to domain. ...

oval:org.secpod.oval:def:14722
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker. The "Allow data recovery agent" check box is used to specify whether a data recovery age ...

oval:org.secpod.oval:def:14720
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14715
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14712
This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audit ...

oval:org.secpod.oval:def:14713
This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: Reporting of active policies when Windows Firewall service starts. Changes to Windows ...

oval:org.secpod.oval:def:14718
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker pro ...

oval:org.secpod.oval:def:14719
This security setting determines whether the OS audits each instance of attempts to change user rights assignment policy, audit policy, account policy, or trust policy. The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these ...

oval:org.secpod.oval:def:14716
This security setting determines whether the OS audits user attempts to access non-Active Directory objects. Audit is only generated for objects that have system access control lists (SACL) specified, and only if the type of access requested (such as Write, Read, or Modify) and the account making th ...

oval:org.secpod.oval:def:14717
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authenti ...

oval:gov.nist.usgcb.windowsseven:def:202
This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events: Startup and shutdown of the computer. Change of system time. Recovering the system from CrashOnAuditFail, which is logged after a system restarts when t ...

oval:gov.nist.usgcb.windowsseven:def:229
Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. Note: This setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits dow ...

oval:gov.nist.usgcb.windowsseven:def:204
This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: Events that could not be written to the event log because of a problem with the auditing system. A process that uses a local procedure call (LPC) port that is not valid ...

oval:gov.nist.usgcb.windowsseven:def:9
This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption ...

oval:gov.nist.usgcb.windowsseven:def:5
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ...

oval:gov.nist.usgcb.windowsseven:def:109
This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and i ...

oval:gov.nist.usgcb.windowsseven:def:112
This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. ...

oval:gov.nist.usgcb.windowsseven:def:119
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: * Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy ...

oval:gov.nist.usgcb.windowsseven:def:199
This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following: A privileged service is called. One of the following privileges are called: Act as part of the operating system. Back up files and directories. ...

oval:gov.nist.usgcb.windowsseven:def:175
This policy setting allows you to audit events generated by user account logon attempts on the computer. Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the compu ...

oval:gov.nist.usgcb.windowsseven:def:183
This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the reques ...

oval:org.secpod.oval:def:14578
Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enab ...

oval:org.secpod.oval:def:14586
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Grou ...

oval:gov.nist.usgcb.windowsseven:def:13
Determines which users can log on to the computer. Important Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (http://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft websit ...

oval:gov.nist.usgcb.windowsseven:def:15
This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders ...

oval:gov.nist.usgcb.windowsseven:def:20019
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. * Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

oval:gov.nist.usgcb.windowsseven:def:301
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Grou ...

oval:gov.nist.USGCB.win7firewall:def:20909
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.usgcb.windowsseven:def:43
This security setting determines which users can use performance monitoring tools to monitor the performance of nonsystem processes. Default: Administrators, Power users. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile single p ...

oval:gov.nist.usgcb.windowsseven:def:45
This security setting determines whether a user can undock a portable computer from its docking station without logging on. If this policy is enabled, the user must log on before removing the portable computer from its docking station. If this policy is disabled, the user may remove the portable co ...

oval:org.secpod.oval:def:14747
This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only fai ...

oval:org.secpod.oval:def:14748
This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities. Saved credentials of users may be compromised if this privilege is ...

oval:org.secpod.oval:def:14746
This security setting determines whether the OS audits each instance of a user attempting to log on to or to log off to this computer. Log off events are generated whenever a logged on user account's logon session is terminated. If this policy setting is defined, the administrator can specif ...

oval:gov.nist.usgcb.windowsseven:def:49
This security setting determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution Assigning this user right can be a security risk. Since owners of objects have full ...

oval:org.secpod.oval:def:14749
This security setting determines if users' private keys require a password to be used. The options are: User input is not required when new keys are stored and used User is prompted when the key is first used User must enter a password each time they use a key For more information, see Public ...

oval:gov.nist.usgcb.windowsseven:def:29
This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Fix: (1) GPO: Computer Configuration ...

oval:org.secpod.oval:def:14743
This policy setting allows you to audit incoming NTLM traffic. If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic. If you select "Enable auditing for domain accounts", the server will log events for NTLM pa ...

oval:org.secpod.oval:def:14744
This security setting determines whether the OS audits process-related events such as process creation, process termination, handle duplication, and indirect object access. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both success ...

oval:org.secpod.oval:def:14741
This security setting determines whether the OS audits each time this computer validates an account's credentials. Account logon events are generated whenever a computer validates the credentials of an account for which it is authoritative. Domain members and non-domain-joined machines are au ...

oval:org.secpod.oval:def:14742
This security setting determines whether to audit each event of account management on a computer. Examples of account management events include: A user account or group is created, changed, or deleted. A user account is renamed, disabled, or enabled. A password is set or changed. If you define this ...

oval:gov.nist.usgcb.windowsseven:def:30
This security setting determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy ...

oval:gov.nist.usgcb.windowsseven:def:36
This security setting determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access mem ...

oval:gov.nist.usgcb.windowsseven:def:37
This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an ...

oval:org.secpod.oval:def:14738
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. ...

oval:org.secpod.oval:def:14739
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker pro ...

oval:gov.nist.usgcb.windowsseven:def:83
This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB Service to be ...

oval:gov.nist.usgcb.windowsseven:def:92
This security setting determines which registry paths and subpaths can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Even ...

oval:gov.nist.usgcb.windowsseven:def:65
This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channe ...

oval:gov.nist.usgcb.windowsseven:def:66
Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified ...

oval:gov.nist.usgcb.windowsseven:def:68
This security setting determines whether 128-bit key strength is required for encrypted secure channel data. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller w ...

oval:gov.nist.usgcb.windowsseven:def:61
This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can ...

oval:gov.nist.usgcb.windowsseven:def:21001
Automatic updates are not enabled

oval:gov.nist.usgcb.windowsseven:def:70
This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the us ...

oval:gov.nist.usgcb.windowsseven:def:77
This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...

oval:gov.nist.usgcb.windowsseven:def:78
This security setting determines whether the SMB client attempts to negotiate SMB packet signing. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...

oval:gov.nist.usgcb.windowsseven:def:79
If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled. Fix: (1) GPO: Com ...

oval:gov.nist.usgcb.windowsseven:def:74
Determines how far in advance (in days) users are warned that their password is about to expire. With this advance warning, the user has time to construct a password that is sufficiently strong. Default: 14 days. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Polici ...

oval:gov.nist.usgcb.windowsseven:def:251
If you enable this setting, it directs the RPC Runtime on an RPC server to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC I ...

oval:gov.nist.usgcb.windowsseven:def:6
This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum passw ...

oval:gov.nist.usgcb.windowsseven:def:8
This security setting determines whether passwords must meet complexity requirements. If this policy is enabled, passwords must meet the following minimum requirements: Not contain the user's account name or parts of the user's full name that exceed two consecutive characters Be at least ...

oval:gov.nist.usgcb.windowsseven:def:7
This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. Default: 7 on domain controllers. 0 on sta ...

oval:gov.nist.usgcb.windowsseven:def:1
This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator exp ...

oval:gov.nist.usgcb.windowsseven:def:3
This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less ...

oval:gov.nist.usgcb.windowsseven:def:110
For the Schannel Security Service Provider (SSP), this security setting disables the weaker Secure Sockets Layer (SSL) protocols and supports only the Transport Layer Security (TLS) protocols as a client and as a server (if applicable). If this setting is enabled, Transport Layer Security/Secure Soc ...

oval:gov.nist.usgcb.windowsseven:def:111
This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. If this setting is enabled, case insensitivity is enforced for all directory object ...

oval:gov.nist.usgcb.windowsseven:def:120
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: * Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and st ...

oval:gov.nist.usgcb.windowsseven:def:122
Determines whether the automatic logon feature is enabled. Automatic logon uses the domain, user name, and password stored in the registry to log users on to the computer when the system starts. The Log On to Windows dialog box is not displayed. This entry determines whether the automatic logon fea ...

oval:gov.nist.usgcb.windowsseven:def:135
Most programs on the Windows platform make use of various Dynamic Link Libraries (DLL) to avoid having to reimplement functionality. The operating system actually loads several DLLs for each program, depending on what type of program it is. When the program does not specify an absolute location for ...

oval:org.secpod.oval:def:14587
This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer ...

oval:org.secpod.oval:def:14581
This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer ...

oval:gov.nist.usgcb.windowsseven:def:11
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separ ...

oval:gov.nist.usgcb.windowsseven:def:20018
This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. This policy is supporte ...

oval:gov.nist.usgcb.windowsseven:def:20014
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is ...

oval:gov.nist.USGCB.win7firewall:def:20922
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.USGCB.win7firewall:def:20914
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewa ...

oval:gov.nist.USGCB.win7firewall:def:20912
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Do ...

oval:org.secpod.oval:def:14751
This security setting requires users to log on to a computer using a smart card. The options are: Enabled: Users can only log on to the computer using a smart card. Disabled. Users can log on to the computer using any method. Default: Disabled. Important This setting will apply to any computers ...

oval:org.secpod.oval:def:14754
This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. For scheduler jobs, the following are audited: Job created. Job deleted. Job enabled. Job disabled. Job updated. For COM+ objects, the following are audited: C ...

oval:org.secpod.oval:def:14755
This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations. AD CS operations include the following: AD CS startup/shutdown/backup/restore. Changes to the certificate revocation list (CRL). New certificate requests. Issuing of a certificate. R ...

oval:gov.nist.usgcb.windowsseven:def:44
This security setting determines which users can use performance monitoring tools to monitor the performance of system processes. Default: Administrators. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile system performance (2) ...

oval:gov.nist.usgcb.windowsseven:def:41
This security setting determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can ...

oval:org.secpod.oval:def:14762
Specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or Computer in the format & ...

oval:org.secpod.oval:def:14760
This policy setting controls Event Log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, ...

oval:org.secpod.oval:def:14766
This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server. If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote se ...

oval:org.secpod.oval:def:14763
This policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller. This policy does not affect interactive logon to this domain controller. If you select "Disabled" or do not configure this policy setting, the domain controller will allow all ...

oval:gov.nist.usgcb.windowsseven:def:100212
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box. If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even ...

oval:gov.nist.usgcb.windowsseven:def:57
Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category le ...

oval:gov.nist.usgcb.windowsseven:def:52
This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Ena ...

oval:org.secpod.oval:def:14758
This policy setting allows you to audit inbound remote procedure call (RPC) connections. If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do ...

oval:org.secpod.oval:def:14759
This policy setting allows you to deny or allow incoming NTLM traffic. If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests. If you select "Deny all domain accounts," the server will deny NTLM authentication r ...

oval:org.secpod.oval:def:14756
This security setting determines whether the system shuts down if it is unable to log security events. If this security setting is enabled, it causes the system to stop if a security audit cannot be logged for any reason. Typically, an event fails to be logged when the security audit log is full an ...

oval:gov.nist.usgcb.windowsseven:def:38
This security setting allows a security principal to log on as a service. Services can be configured to run under the Local System, Local Service, or Network Service accounts, which have a built in right to log on as a service. Any service that runs under a separate user account must be assigned the ...

oval:gov.nist.usgcb.windowsseven:def:80
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, t ...

oval:gov.nist.usgcb.windowsseven:def:93
When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. The server service restricts unauthenticated clients acces ...

oval:gov.nist.usgcb.windowsseven:def:95
This security setting determines how network logons that use local accounts are authenticated. If this setting is set to Classic, network logons that use local account credentials authenticate by using those credentials. The Classic model allows fine control over access to resources. By using the Cl ...

oval:gov.nist.usgcb.windowsseven:def:62
This value determines if access to the floppy drive is restricted to locally logged-on users. 1 = restricted This security setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively log ...

oval:gov.nist.usgcb.windowsseven:def:69
This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen. If this policy is enabled, the name of the last user to successfully log on is not displayed in the Logon Screen. ". If this policy is disabled, the name of t ...

oval:gov.nist.usgcb.windowsseven:def:21004
Remote Assistance is not Enabled

oval:gov.nist.usgcb.windowsseven:def:249
This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer ...

oval:gov.nist.usgcb.windowsseven:def:259
Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and ...

oval:org.secpod.oval:def:14809
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Grou ...

oval:gov.nist.usgcb.windowsseven:def:104
This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 prot ...

oval:gov.nist.usgcb.windowsseven:def:123
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should take through the network. Microsoft recommends to configure this setting to Not Defined for enterprise environments and to Highest Protection for high security environments to completely disable ...

oval:gov.nist.usgcb.windowsseven:def:157
This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record suc ...

oval:gov.nist.usgcb.windowsseven:def:161
This policy setting allows you to audit changes to user accounts. Events include the following: A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. A user account's password is set or changed. A security identifier (SID) is added to the ...

oval:gov.nist.usgcb.windowsseven:def:129
This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. HKLM\System\CurrentControlSet\Tcpip\Parameters\KeepAliveTime Fix: (1) GPO: Computer Configu ...

oval:gov.nist.usgcb.windowsseven:def:130
The default IPsec exemptions that were present in Windows XP and Windows 2000 except for the Internet Key Exchange (IKE) exemption were removed from Windows Server 2003. The IKE exemption is specific to source and destination port UDP 500. IKE always receives this type of packet from any source addr ...

oval:gov.nist.usgcb.windowsseven:def:134
This setting is used to enable or disabled the Internet Router Discovery Protocol (IRDP). IRDP allows the system to detect and configure Default Gateway addresses automatically. HKLM\System\CurrentControlSet\Tcpip\Parameters\PerformRouterDiscovery It enables or disables the Internet Router Discover ...

oval:gov.nist.usgcb.windowsseven:def:137
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is ...

oval:gov.nist.usgcb.windowsseven:def:139
The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ registry key. The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in th ...

oval:gov.nist.usgcb.windowsseven:def:178
This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Specia ...

oval:gov.nist.USGCB.win7firewall:def:20921
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.USGCB.win7firewall:def:20920
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.USGCB.win7firewall:def:20924
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ...

oval:gov.nist.USGCB.win7firewall:def:20923
The Private Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\P ...

oval:gov.nist.USGCB.win7firewall:def:20930
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firew ...

oval:gov.nist.USGCB.win7firewall:def:20936
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Securi ...

oval:gov.nist.USGCB.win7firewall:def:20934
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firew ...

oval:gov.nist.USGCB.win7firewall:def:20910
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.USGCB.win7firewall:def:20913
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewa ...

oval:gov.nist.usgcb.windowsseven:def:100216
This policy setting allows you to audit events generated by validation tests on user account logon credentials. Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the loc ...

oval:gov.nist.usgcb.windowsseven:def:100213
Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically. If the status is set to Enabled, Automatic Updates will not restart a computer automatically duri ...

oval:org.secpod.oval:def:14790
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see http://go.micr ...

oval:org.secpod.oval:def:14789
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the ob ...

oval:org.secpod.oval:def:14772
This policy setting allows you to audit NTLM authentication in a domain from this domain controller. If you select "Disable" or do not configure this policy setting, the domain controller will not log events for NTLM authentication in this domain. If you select "Enable for domain ac ...

oval:org.secpod.oval:def:14773
This policy setting allows you to audit other logon/logoff-related events that are not covered in the "Logon/Logoff" policy setting such as the following: Terminal Services session disconnections. New Terminal Services sessions. Locking and unlocking a workstation. Invoking ...

oval:org.secpod.oval:def:14771
This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: Trusted Platform Module (TPM) configuration changes. Kernel-mode cryptographic self tests. Cryptographic provider operation ...

oval:org.secpod.oval:def:14777
This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits reco ...

oval:org.secpod.oval:def:14774
This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers. Volume: High. Default: No Auditing. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Sy ...

oval:org.secpod.oval:def:14769
This policy setting allows you to audit any of the following events: Startup and shutdown of the Windows Firewall service and driver. Security policy processing by the Windows Firewall Service. Cryptography key file and migration operations. Volume: Low. Default: Success, Failure. Fi ...

oval:org.secpod.oval:def:14768
This security setting determines which subsystems can optionally be started up to support your applications. With this security setting, you can specify as many subsystems to support your applications as your environment demands. Default: POSIX. This policy setting determines which subsystems are ...

oval:org.secpod.oval:def:14783
This policy setting disables the Windows registry editors Regedit.exe and Regedt32.exe. If this setting is enabled and the user tries to start a registry editor, a message appears explaining that a setting prevents the action. To prevent users from using other administrative tools, use the "R ...

oval:org.secpod.oval:def:14784
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open pote ...

oval:org.secpod.oval:def:14781
This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audit ...

oval:org.secpod.oval:def:14787
This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: The Windows Firewall Service blocks an application from accepting incoming connections on the network. The WFP allows a connection. ...

oval:org.secpod.oval:def:14788
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog. If you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the ...

oval:org.secpod.oval:def:14786
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share ...

oval:org.secpod.oval:def:14780
This policy setting allows you to audit events generated by changes to distribution groups such as the following: Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy se ...

oval:org.secpod.oval:def:14778
This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the "Authentication Policy Change" subcategory. Removal of u ...

oval:org.secpod.oval:def:14779
This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers. If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessfu ...

oval:org.secpod.oval:def:7712
Determines whether screen savers used on the computer are password protected. If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver. This setting also disables the "Password protected" che ...

oval:gov.nist.usgcb.windowsseven:def:234
Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded f ...

oval:gov.nist.usgcb.windowsseven:def:240
Specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web," are available from File and Folder Tasks in Windows folders. The Web Publishing Wizard is used to download a list of providers and ...

oval:gov.nist.usgcb.windowsseven:def:247
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when ...

oval:gov.nist.usgcb.windowsseven:def:265
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:105
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if message int ...

oval:gov.nist.usgcb.windowsseven:def:108
This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows l ...

oval:gov.nist.usgcb.windowsseven:def:116
This policy setting controls the behavior of application installation detection for the computer. The options are: * Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and ...

oval:gov.nist.usgcb.windowsseven:def:101
This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB server to be f ...

oval:gov.nist.usgcb.windowsseven:def:159
This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following: The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. The Pas ...

oval:gov.nist.usgcb.windowsseven:def:163
This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful a ...

oval:org.secpod.oval:def:14591
Specifies whether to require the use of a specific encryption level to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this setting, all communications between clients and RD Session Host servers during remote connect ...

oval:org.secpod.oval:def:14584
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy, users o ...

oval:gov.nist.usgcb.windowsseven:def:20017
This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In pr ...

oval:gov.nist.USGCB.win7firewall:def:20929
Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public ...

oval:gov.nist.USGCB.win7firewall:def:20928
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Default: %systemroot%\system32\logfiles\firewall\pfirewall.log Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ...

oval:gov.nist.USGCB.win7firewall:def:20927
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20926
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.USGCB.win7firewall:def:20933
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.USGCB.win7firewall:def:20932
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.USGCB.win7firewall:def:20931
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.USGCB.win7firewall:def:20908
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Do ...

oval:gov.nist.USGCB.win7firewall:def:20907
Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain ...

oval:gov.nist.USGCB.win7firewall:def:20906
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Default: %systemroot%\system32\logfiles\firewall\pfirewall.log Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ...

oval:gov.nist.USGCB.win7firewall:def:20905
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20904
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.USGCB.win7firewall:def:20918
Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Privat ...

oval:gov.nist.USGCB.win7firewall:def:20917
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Default: %systemroot%\system32\logfiles\firewall\pfirewall.log Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ...

oval:gov.nist.USGCB.win7firewall:def:20916
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20915
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:org.secpod.oval:def:14794
This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Suc ...

oval:org.secpod.oval:def:14793
This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. Only AD DS objects with a matching system access control list (SACL) are logged. Events in this subcategory are similar to the Directory Service Access events available in ...

oval:org.secpod.oval:def:14798
This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. Currently, there are no events in this subcategory. Default: No Auditing. Fix: (1) GPO: Computer Configuration\W ...

oval:org.secpod.oval:def:14799
This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. Events in this subcategory inc ...

oval:org.secpod.oval:def:14797
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events. Note: The Audit: Audit the access of global system objects policy setting controls the ...

oval:gov.nist.usgcb.windowsseven:def:200
This policy setting allows you to audit events generated by the IPsec filter driver such as the following: Startup and shutdown of the IPsec services. Network packets dropped due to integrity check failure. Network packets dropped due to replay check failure. Network packets dropped ...

oval:org.secpod.oval:def:7714
Specifies the screen saver for the user's desktop. If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, ...

oval:gov.nist.usgcb.windowsseven:def:246
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when ...

oval:gov.nist.usgcb.windowsseven:def:203
This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to aut ...

oval:gov.nist.usgcb.windowsseven:def:248
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy, users o ...

oval:gov.nist.usgcb.windowsseven:def:261
By default administrator accounts are not displayed when attempting to elevate a running application. If you enable this policy setting, all local administrator accounts on the machine will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, ...

oval:gov.nist.usgcb.windowsseven:def:291
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3. If you enable this policy setting, Internet Explorer will not opt-in to Data Execution Prevention on platforms that support the SetPro ...

oval:org.secpod.oval:def:14803
This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following: SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. ...

oval:org.secpod.oval:def:14806
This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: IPsec services status. Changes to IPsec policy settings. Changes to Windows Firewall policy settings. Changes to WFP providers and engine. If you confi ...

oval:org.secpod.oval:def:14811
Ignores the customized run list. You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and servic ...

oval:org.secpod.oval:def:14812
This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, Back up files and directories, Create a token object, Debug programs, Enable computer and user accounts to be tr ...

oval:gov.nist.usgcb.windowsseven:def:118
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ ...

oval:gov.nist.usgcb.windowsseven:def:103
This security setting determines the level of data signing that is requested on behalf of clients issuing LDAP BIND requests, as follows: None: The LDAP BIND request is issued with the options that are specified by the caller. Negotiate signing: If Transport Layer Security/Secure Sockets Layer (TLS ...

oval:org.secpod.oval:def:14577
Specifies a set of parameters for controlling the Windows NTP Client. NtpServer: The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where flags is a hexadecimal bitmask of the flags for that host. For more information, see t ...

oval:org.secpod.oval:def:14585
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. Note: This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Manag ...

oval:org.secpod.oval:def:14583
Specifies whether to automatically update root certificates using the Windows Update Web site. Typically, a certificate is used when you use a secure Web site or when you send and receive secure e-mail. Anyone can issue certificates, but to have transactions that are as secure as possible, certifi ...

oval:org.secpod.oval:def:14611
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:org.secpod.oval:def:14612
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:org.secpod.oval:def:14610
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ...

oval:org.secpod.oval:def:14605
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health an ...

oval:org.secpod.oval:def:14608
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health an ...

oval:org.secpod.oval:def:14609
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ...

oval:org.secpod.oval:def:14606
Windows Portable Devices (WPD) is a driver technology that supports a wide range of portable devices such as mobile phones, digital cameras, and portable media players. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the d ...

oval:org.secpod.oval:def:14607
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:org.secpod.oval:def:14615
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health an ...

oval:org.secpod.oval:def:14616
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ...

oval:org.secpod.oval:def:14613
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:org.secpod.oval:def:14614
Specifies the prescribed value for Windows Connect Now 'USB Flash Drive' setting This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.1 ...

oval:org.secpod.oval:def:14796
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, ...

oval:gov.nist.usgcb.windowsseven:def:21003
Windows Error Reporting is not Enabled

oval:gov.nist.usgcb.windowsseven:def:225
This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting, you can select whether Windows searches Windows Update first, searches Windows Update last, or does not search Windows Update. If you disable or d ...

oval:gov.nist.usgcb.windowsseven:def:231
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ...

oval:gov.nist.usgcb.windowsseven:def:230
Specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hot links that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the de ...

oval:gov.nist.usgcb.windowsseven:def:233
Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard will cause the wizard to exit. This prev ...

oval:gov.nist.usgcb.windowsseven:def:232
The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of ...

oval:gov.nist.usgcb.windowsseven:def:235
Specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association. When a user opens a file that has an extension that is not associated with any applications on the machine, the user is given the choice to choose a local application or ...

oval:gov.nist.usgcb.windowsseven:def:237
Specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. If you disable or do not configure this ...

oval:gov.nist.usgcb.windowsseven:def:239
Specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The "Order Prints Online" Wizard is used to download a list of providers and allow users to order prints online. If you enable this setting, the task "Order Prints Online&q ...

oval:gov.nist.usgcb.windowsseven:def:243
Controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. If you enable this setting, users will not be given the option to repor ...

oval:gov.nist.usgcb.windowsseven:def:245
This setting forces the user to log on to the computer using the classic logon screen. By default, a workgroup is set to use the simple logon screen. This setting only works when the computer is not on a domain. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Logon\Always use ...

oval:gov.nist.usgcb.windowsseven:def:208
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ...

oval:gov.nist.usgcb.windowsseven:def:207
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health an ...

oval:gov.nist.usgcb.windowsseven:def:209
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing. If you enable this settin ...

oval:gov.nist.usgcb.windowsseven:def:210
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...

oval:gov.nist.usgcb.windowsseven:def:213
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: throu ...

oval:gov.nist.usgcb.windowsseven:def:212
This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when setting a network's location. If you disable or do not configure this policy setting, domain users can set a netw ...

oval:gov.nist.usgcb.windowsseven:def:215
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. ...

oval:gov.nist.usgcb.windowsseven:def:214
This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the l ...

oval:gov.nist.usgcb.windowsseven:def:217
This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. If you disable or do not configure this policy setting, the local host settings is used. If you enable this policy setting, you can specify an I ...

oval:gov.nist.usgcb.windowsseven:def:216
This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. If you enable this policy setting, you will be able to configure Teredo with one of the following settings: If you disable ...

oval:gov.nist.usgcb.windowsseven:def:219
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If this policy setting is enabled, the wizards are disabled and users will have no access to any of the wizard tasks. All the configuration related tasks, including 'Set up a wireless router or access point' and &a ...

oval:gov.nist.usgcb.windowsseven:def:218
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:gov.nist.usgcb.windowsseven:def:220
This policy setting allows you to manage where client computers search for Point and Printer drivers. If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local ...

oval:gov.nist.usgcb.windowsseven:def:222
This policy setting allows you to specify whether to send a Windows error report when a generic driver is installed on a device. If you enable this policy setting, a Windows error report is not sent when a generic driver is installed. If you disable or do not configure this policy setting, a Windo ...

oval:gov.nist.usgcb.windowsseven:def:221
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. If you disable or do not configure this policy setting, remote connections to the Plug and Play interface ...

oval:gov.nist.usgcb.windowsseven:def:224
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation S ...

oval:gov.nist.usgcb.windowsseven:def:223
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A sy ...

oval:gov.nist.usgcb.windowsseven:def:250
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance. If you enable this policy setting, log files will be generated. If you disable this policy setting, log files will not be generated. If you do not configure ...

oval:gov.nist.usgcb.windowsseven:def:253
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you leave this policy setting enabled, Users will be able to use MSDT to collect and send diagnostic data to a support professional to resolve a problem. By default, the support provider is s ...

oval:gov.nist.usgcb.windowsseven:def:255
This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM. if you disable this policy setting, responsiveness ...

oval:gov.nist.usgcb.windowsseven:def:254
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking 'Yes' when they are prom ...

oval:gov.nist.usgcb.windowsseven:def:257
This policy controls the state of the Program Inventory collector in the system. The PDU inventories programs and files on the system and sends information about those files to Microsoft. This information is used to help associate files to programs and diagnose application compatibility prob ...

oval:gov.nist.usgcb.windowsseven:def:258
Sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program ...

oval:gov.nist.usgcb.windowsseven:def:260
If this policy is enabled, autoplay will not be enabled for non-volume devices like MTP devices. If you disable or not configure this policy, autoplay will continue to be enabled for non-volume devices. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\AutoPlay Poli ...

oval:org.secpod.oval:def:14801
The Windows Customer Experience Improvement Program will collect information about your hardware configuration and how you use our software and services to identify trends and usage patterns. We will not collect your name, address, or any other personally identifiable information. There are no surve ...

oval:org.secpod.oval:def:14599
Enables this server to be a File Transfer Protocol (FTP) server. If this service is stopped, the server cannot function as an FTP server. If this service is disabled, any services that explicitly depend on it will fail to start. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settin ...

oval:org.secpod.oval:def:14593
The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing acce ...

oval:org.secpod.oval:def:14572
Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on ...

oval:org.secpod.oval:def:14579
Provides Software Licensing activation and notification. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppuinotify!Start

oval:org.secpod.oval:def:14570
Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. The following are the dependency services of "Remote Access Connection Manager&q ...

oval:org.secpod.oval:def:14571
Enables discovery of UPnP devices on your home network. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\SSDP Discovery Service (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV!Start

oval:org.secpod.oval:def:14569
Computer Browser service maintains a listing of computers and resources located on the network. This service is not required on a standalone system. In fact, even if you want to browse the network (work-group or domain) or have mapped network shares as local hard drives, you can still do so. On a la ...

oval:org.secpod.oval:def:14604
Offers routing services to businesses in local area and wide area network environments. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Routing and Remote Access (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess!Start

oval:org.secpod.oval:def:14600
This service is used to transfer asynchronous data via HTTP 1.1 servers. BITS a download when you log back in after you log off or shutdown the system during a download. You may require this service for some, Windows Live Messenger, Windows Media Player or future .NET or Live functions. Fix: (1 ...

oval:org.secpod.oval:def:14601
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Fix: (1) GPO: Computer Configuration\Windows Settings\Sec ...

oval:gov.nist.usgcb.windowsseven:def:300
Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated version is available. The Check for Player Updates command on the Help menu in th ...

oval:gov.nist.usgcb.windowsseven:def:21006
Bluetooth is not Enabled

oval:gov.nist.usgcb.windowsseven:def:269
Manages download of game box art and ratings from the Windows Metadata Services. If you enable this setting, game information including box art and ratings will not be downloaded. If you disable or do not configure this setting, game information will be downloaded from Windows Metadata Services. ...

oval:gov.nist.usgcb.windowsseven:def:270
Manages download of game update information from Windows Metadata Services. If you enable this setting, game update information will not be downloaded. If you disable or do not configure this setting, game update information will be downloaded from Windows Metadata Services. Fix: (1) GPO: Compu ...

oval:gov.nist.usgcb.windowsseven:def:277
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop-down ...

oval:gov.nist.usgcb.windowsseven:def:279
Specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes ...

oval:gov.nist.usgcb.windowsseven:def:278
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconnect ...

oval:gov.nist.usgcb.windowsseven:def:280
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate tem ...

oval:gov.nist.usgcb.windowsseven:def:281
This policy setting prevents users from having enclosures (file attachments) downloaded from a feed to the user's computer. If you enable this policy setting, the setting to download an enclosure is disabled. A developer cannot change the download setting through the Feed application programmi ...

oval:gov.nist.usgcb.windowsseven:def:284
Enabling this policy allows indexing of mail items on a Microsoft Exchange server when Microsoft Outlook is not running in cached mode. The default behavior for search is to not index uncached Exchange folders. Disabling this policy will block any indexing of uncached Exchange folders. Delegate ma ...

oval:gov.nist.usgcb.windowsseven:def:283
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expe ...

oval:gov.nist.usgcb.windowsseven:def:286
Adjusts membership in Microsoft SpyNet. Microsoft SpyNet is the online community that helps you choose how to respond to potential spyware threats. The community also helps stop the spread of new spyware infections. Here's how it works. When Windows Defender detects software or changes by so ...

oval:gov.nist.usgcb.windowsseven:def:285
By default Windows Anytime Upgrade is available for all administrators. If you enable this policy setting, Windows Anytime Upgrade will not run. If you disable this policy setting or set it to Not Configured, Windows Anytime Upgrade will run. Fix: (1) GPO: Computer Configuration\Administrative ...

oval:gov.nist.usgcb.windowsseven:def:288
If this setting is enabled, Windows Error Reporting will not send any problem information to Microsoft. Additionally, solution information will not be available in the Action Center control panel. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Repor ...

oval:gov.nist.usgcb.windowsseven:def:287
If this setting is enabled Windows Error Reporting events will not be logged to the system event log. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Er ...

oval:gov.nist.usgcb.windowsseven:def:289
Use this setting to control whether or not a user is given the choice to report an error. When Display Error Notification is enabled, the user will be notified that an error has occurred and will be given access to details about the error. If the Configure Error Reporting setting is also enabled, ...

oval:gov.nist.usgcb.windowsseven:def:264
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windows will not run any user-installed gadgets. If you disable or do not configure this setting, Windows will run user-installed gadgets. The default is for Windows to run ...

oval:gov.nist.usgcb.windowsseven:def:263
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned. If you enable this setting, gadgets that have not been digitally signed will not be extracted. If you disable or do not confi ...

oval:gov.nist.usgcb.windowsseven:def:267
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:290
If this setting is enabled any additional data requests from Microsoft in response to a Windows Error Reporting event will be automatically declined without notice to the user. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send addi ...

oval:gov.nist.usgcb.windowsseven:def:293
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only op ...

oval:gov.nist.usgcb.windowsseven:def:292
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\T ...

oval:gov.nist.usgcb.windowsseven:def:295
Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. It permits installations to complete that otherwise would be halted due to a security violation. The security features ...

oval:gov.nist.usgcb.windowsseven:def:294
Allows Web-based programs to install software on the computer without notifying the user. By default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation. This setting suppresses the warnin ...

oval:gov.nist.usgcb.windowsseven:def:297
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information. If enabled, a notification popup will be displayed to the user when the user logs on with cached credenti ...

oval:gov.nist.usgcb.windowsseven:def:296
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users. If yo ...

oval:gov.nist.usgcb.windowsseven:def:299
This policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player. This policy prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Playe ...

oval:gov.nist.usgcb.windowsseven:def:298
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades. When this policy is enabled, programs are not able to acquire lice ...

oval:gov.nist.usgcb.windowsseven:def:143
Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax!Start

oval:gov.nist.usgcb.windowsseven:def:142
The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY ...

oval:gov.nist.usgcb.windowsseven:def:145
Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running. Fix: (1) GPO: NOT ...

oval:gov.nist.usgcb.windowsseven:def:144
Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running. ...

oval:gov.nist.usgcb.windowsseven:def:147
If you have no need for controlling your children (as in, you do not have any), this service can safely be disabled.This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LO ...

oval:gov.nist.usgcb.windowsseven:def:146
If you do not use any external devices as a WMC extender, this service can safely be left in its default (disabled) value. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc!Start

oval:org.secpod.oval:def:14557
The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LOCAL_ ...

oval:org.secpod.oval:def:14548
This policy setting allows users to have their feeds authenticated using the Basic authentication scheme over an unencrypted HTTP connection. If you enable this policy setting, the RSS Platform will authenticate to servers using the Basic authentication scheme in combination with an insecure HTTP c ...

oval:org.secpod.oval:def:14598
This policy prevents a shortcut icon for the Player from being added to the user's desktop. When this policy is not configured or disabled, users can choose whether to add the Player shortcut icon to their desktops. Specifies the prescribed value for 'Prevent Desktop Shortcut Creation&ap ...

oval:org.secpod.oval:def:14574
Specifies whether users can provide ratings for Help content. If this setting is enabled, this policy setting prevents ratings controls from being added to Help content. If this setting is disabled or not configured, a rating control will be added to Help topics. Users can use the control to prov ...

oval:gov.nist.usgcb.windowsseven:def:20004
Telnet Server hosts the remote sessions for Telnet clients. When Telnet Server is running on a computer, users can connect to the server with a Telnet client from a remote computer. Telnet Server is implemented in Windows as a service that can be configured to always run, even when no one is logged ...

oval:gov.nist.usgcb.windowsseven:def:20003
Telnet Client is used to connect to remote machine by using the Telnet protocol. Telnet Client allows a computer to connect to a remote Telnet server and run applications on that server. Once logged on, a user is given a command prompt that can be used as if it had been opened locally on the Telnet ...

oval:gov.nist.usgcb.windowsseven:def:20006
The Windows Media Center features should be configured correctly. Some programs and features included with Windows, such as Internet Information Services, must be turned on before you can use them. Certain other features are turned on by default, but you can turn them off if you don t use them. To t ...

oval:gov.nist.usgcb.windowsseven:def:20005
The Trivial File Transfer Protocol (TFTP) client allows the transfer of files using the TFTP protocol between a TFTP client and a TFTP server. The TFTP protocol is implemented using the User Datagram Protocol (UDP) to send and receive data. The TFTP protocol implements its own reliability scheme us ...

oval:org.secpod.oval:def:14602
Provides Web connectivity and administration through the Internet Information Services Manager. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\World Wide Web Publishing Service (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC!Start

oval:org.secpod.oval:def:14603
Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\WMI Performance Adap ...

oval:gov.nist.usgcb.windowsseven:def:20000
Some programs and features included with Windows, such as Internet Information Services, must be turned on before you can use them. Certain other features are turned on by default, but you can turn them off if you don t use them. To turn a feature off in earlier versions of Windows, you had to unins ...

oval:gov.nist.usgcb.windowsseven:def:20002
Simple TCP/IP Services are really a collection of command line utilities. This collection includes the 'quote of the day' protocol, the daytime protocol, character generator (chargen), echo protocol, and discard protocol. These are just ports that are opened up on your Windows computer to ...

oval:gov.nist.usgcb.windowsseven:def:20001
Internet Information Services provides support for Web and FTP Servers, along with support for ASP.NET web sites. dynamic content such as Classic ASP and CGI, and local and remote management. Internet Information Services (IIS, formerly Internet Information Server) is an extensible web server creat ...

oval:gov.nist.USGCB.win7firewall:def:20941
The Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In) Windows Firewall rule should be configured correctly. Create firewall rules to allow or block connections to specified programs or ports. You can also allow a connection only if it is authenticated, or if it comes from authorized ...

oval:gov.nist.USGCB.win7firewall:def:20940
The Core Networking - Dynamic Host Configuration Protocol (DHCP-In) Windows Firewall rule should be configured correctly. Create firewall rules to allow or block connections to specified programs or ports. You can also allow a connection only if it is authenticated, or if it comes from authorized u ...

oval:gov.nist.usgcb.windowsseven:def:100204
Denies or allows access to the Windows Mail application. If you enable this setting, access to the Windows Mail application is denied. If you disable or do not configure this setting, access to the Windows Mail application is allowed. Fix: (1) GPO: Computer Configuration\Administrative Templates ...

oval:gov.nist.usgcb.windowsseven:def:100203
This check verifies that Windows Mail will not check newsgroups for Communities support. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities features (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail!DisableComm ...

oval:gov.nist.usgcb.windowsseven:def:100202
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop s ...

oval:gov.nist.usgcb.windowsseven:def:100201
Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. If you enable this setti ...

CVE    58
CVE-2010-2739
CVE-2010-4182
CVE-2011-4434
CVE-2007-6753
...
CCE    617
CCE-13668-9
CCE-10282-2
CCE-10207-9
CCE-10674-0
...
*CPE
cpe:/o:microsoft:windows_7
XCCDF    14
xccdf_saner20_benchmark_Windows_7_wmi_service_pack
xccdf_gov.nist_benchmark_USGCB-Windows-7-Energy
xccdf_com.secpod_benchmark_microsoft-windows-7
xccdf_org.secpod_benchmark_ISO27001_Windows_7
...

© 2013 SecPod Technologies