[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-36857-1

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-04



Block launching desktop apps associated with a protocol This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a protocol. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a protocol launched by a packaged app could compromise the system by launching a desktop app. If you enable this policy setting, Windows prevents packaged apps from launching protocols that would be passed to a desktop app. When you enable this policy setting, packaged apps may only launch protocols that can be passed to another packaged app. If you disable or do not configure this policy setting, packaged apps could launch protocols that would be passed to a desktop app. Note: Enabling this policy setting will not block packaged apps from launching http, https, and mailto protocols that would be passed to a desktop app. The handlers for these protocols are accustomed to handling data from untrusted sources and are therefore hardened against protocol based vulnerabilities. The risk of allowing these protocols to be passed to a desktop app is minimal.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApp runtime!Block launching desktop apps associated with a protocol (2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations!BlockProtocolElevation

CCSS Severity:CCSS Metrics:
CCSS Score : 8.8Attack Vector: NETWORK
Exploit Score: 2.8Attack Complexity: LOW
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: REQUIRED
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:27667


OVAL    1
oval:org.secpod.oval:def:27667
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_2012_R2

© SecPod Technologies