CCE-37778-8Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Do not allow LPT port redirection
Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.
You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows this LPT port redirection.
If the status is set to Enabled, users in a Remote Desktop Services session cannot redirect server data to the local LPT port.
If the status is set to Disabled, LPT port redirection is always allowed.
If the status is set to Not Configured, LPT port redirection is not specified at the Group Policy level. However, an administrator can still disable local LPT port redirection using the Remote Desktop Session Host Configuration tool.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostDevice and Resource Redirection!Do not allow LPT port redirection
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services!fDisableLPT
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.6 | Attack Vector: NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:28226 |