
CCE-46993-2

Platform: cpe:/o:microsoft:windows_server_2016
Date: (C)2017-08-03   (M)2023-07-04



This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation.

If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.

This policy setting is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevent software from being installed.

Vulnerability: Enabling this setting can compromise security: users can bypass some of the security features of Windows Installer, and installations that otherwise would be halted due to security violations are permitted to complete, which may be contrary to your organization's security requirements.

Counter Measure: Configure this setting depending on your organization's requirements.

Potential Impact: The Windows Installer security features are bypassed, which permits installations to complete that otherwise would be halted due to a security violation.

Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Allow user control over installs
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer!EnableUserControl


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Allow user control over installs (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer!EnableUserControl
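
The registry location above can be audited directly on a host. The following PowerShell is an added example, not SecPod's OVAL check; the function name Get-InstallerUserControlState is hypothetical, and it assumes the usual encoding for this policy (a REG_DWORD where 1 means enabled and 0 means disabled, with an absent key or value meaning not configured).

```powershell
# Added audit example (not part of the original page or of SecPod's content).
# Reads the policy value named under "Technical Mechanism" and classifies it.
function Get-InstallerUserControlState {
    param(
        # Registry path from the page, written in PowerShell provider form.
        [string]$Path = 'HKLM:\Software\Policies\Microsoft\Windows\Installer',
        [string]$Name = 'EnableUserControl'
    )

    $state = [ordered]@{ Path = $Path; Name = $Name; Raw = $null; Status = $null }

    # No policy key at all: the setting was never configured.
    if (-not (Test-Path -LiteralPath $Path)) {
        $state.Status = 'NotConfigured (key absent)'
        return [pscustomobject]$state
    }

    # Key exists (other Installer policies may be set) but this value does not.
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) {
        $state.Status = 'NotConfigured (value absent)'
        return [pscustomobject]$state
    }

    $raw  = $key.GetValue($Name)
    $kind = $key.GetValueKind($Name)
    $state.Raw = $raw

    # Assumption: the policy is stored as REG_DWORD, 1 = enabled, 0 = disabled.
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $state.Status = "Unexpected type $kind; review manually"
    } elseif ($raw -eq 1) {
        $state.Status = 'Enabled'
    } elseif ($raw -eq 0) {
        $state.Status = 'Disabled'
    } else {
        $state.Status = "Unexpected data $raw; review manually"
    }
    [pscustomobject]$state
}

Get-InstallerUserControlState | Format-List
```

A status of Enabled corresponds to the condition described under "Vulnerability"; Disabled and NotConfigured both leave the Windows Installer protections in place, as the description states.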

CCSS Severity:
CCSS Score: 7.0
Exploit Score: 1.0
Impact Score: 5.9
Severity: HIGH
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
  

References:
Resource Id: SCAP Repo OVAL Definition
Reference: oval:org.secpod.oval:def:40317


OVAL    1
oval:org.secpod.oval:def:40317
XCCDF    4
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_general_Windows_Server_2016
...

© SecPod Technologies