CCE-50914-1Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04 |
Allow all users to run signed packaged Windows Store apps.
This setting is configured by using an XML blob that is store in the registry setting for this setting. You can obtain the XML blob by configuring the desired setting in the Local Group Policy console and then retrieving the blob from the registry setting.
Vulnerability:
A malicious agent could run unauthorized programs and software.
Counter Measure:
Configure this policy to allow all users to run all Windows Store apps.
Potential Impact:
Depending on configuration, users may be unable to run specific Windows Store apps.
Fix:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLockerPackaged app RulesAppLocker: Packaged app Rules: (Default Rule) All signed packaged apps (Allow Everyone)
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsSrpV2Appxa9e18c21-ff8f-43cf-b9fc-db40eed693ba!Value
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker\Packaged app Rules\AppLocker: Packaged app Rules: (Default Rule) All signed packaged apps (Allow Everyone)
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba!Value
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.4 | Attack Vector: LOCAL |
Exploit Score: 1.4 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40184 |