CCE-36606-2| Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Restrict unpacking and installation of gadgets that are not digitally signed.
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.
If you enable this setting, gadgets that have not been digitally signed will not be extracted.
If you disable or do not configure this setting, both signed and unsigned gadgets will be extracted.
The default is for Windows to extract both signed and unsigned gadgets.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsDesktop Gadgets!Restrict unpacking and installation of gadgets that are not digitally signed.
(2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesWindowsSidebar!TurnOffUnsignedGadgets
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.7 | Attack Vector: PHYSICAL |
| Exploit Score: 0.5 | Attack Complexity: LOW |
| Impact Score: 5.2 | Privileges Required: LOW |
| Severity: MEDIUM | User Interaction: REQUIRED |
| Vector: AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: NONE |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27568 |
