CCE-97550-8Platform: cpe:/o:microsoft:windows_server_2022:::x64 | Date: (C)2022-06-07 (M)2023-07-14 |
This policy setting determines whether case insensitivity is enforced for all subsystems. The Microsoft Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX). Because Windows is case insensitive (but the POSIX subsystem will support case sensitivity), failure to enforce this policy setting makes it possible for a user of the POSIX subsystem to create a file with the same name as another file by using mixed case to label it. Such a situation can block access to these files by another user who uses typical Win32 tools, because only one of the files will be available.
Countermeasure:
Enable the System objects: Require case insensitivity for non-Windows subsystems setting.
Potential Impact:
All subsystems will be forced to observe case insensitivity. This configuration may confuse users who are familiar with any UNIX-based operating systems that is case-sensitive.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel!ObCaseInsensitive
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.9 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 3.6 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80799 |