CCE-37031-2Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Block launching desktop apps associated with a file.
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a file. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a packaged app could compromise the system by launching a file in a desktop app.
If you enable this policy setting, Windows prevents packaged apps from launching files that would open in a desktop app. When you enable this policy setting, packaged apps may only launch files that can be opened by another packaged app.
If you disable or do not configure this policy setting, packaged apps could launch files that would open in a desktop app.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApp runtime!Block launching desktop apps associated with a file.
(2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations!BlockFileElevation
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.0 | Attack Vector: NETWORK |
Exploit Score: 2.1 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: REQUIRED |
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27772 |