CCE-36010-7Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Allow users to browse for source while elevated
This policy setting allows users to search for installation files during privileged installations.
If you enable this policy setting, the Browse button in the 'Use feature from' dialog box is enabled. As a result, users can search for installation files even when the installation program is running with elevated system privileges.
Because the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow.
This policy setting does not affect installations that run in the user's security context. Also, see the 'Remove browse dialog box for new source' policy setting.
If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Installer!Allow users to browse for source while elevated
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsInstaller!AllowLockdownBrowse
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.6 | Attack Vector: PHYSICAL |
Exploit Score: 0.7 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: REQUIRED |
Vector: AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27252 |