| Vulnerability ID |
Severity |
Description |
|
V-277982
|
Medium
|
Windows Server 2025 must install security-relevant software updates within 30 days unless the tim...
|
|
V-277983
|
Medium
|
Windows Server 2025 must prohibit the use or connection of unauthorized hardware components
|
|
V-277985
|
Medium
|
Windows Server 2025 users with administrative privileges must have separate accounts for administ...
|
|
V-277986
|
Medium
|
Windows Server 2025 passwords for the built-in Administrator account must be changed at least eve...
|
|
V-277987
|
High
|
Windows Server 2025 administrative accounts must not be used with applications that access the in...
|
|
V-277988
|
Medium
|
Windows Server 2025 members of the Backup Operators group must have separate accounts for backup ...
|
|
V-277989
|
Medium
|
Windows Server 2025 manually managed application account passwords must be at least 15 characters...
|
|
V-277990
|
Medium
|
Windows Server 2025 manually managed application account passwords must be changed at least annua...
|
|
V-277991
|
Medium
|
Windows Server 2025 shared user accounts must not be permitted
|
|
V-277992
|
Medium
|
Windows Server 2025 must employ a deny-all, permit-by-exception policy to allow the execution of ...
|
|
V-277993
|
Medium
|
Windows Server 2025 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r...
|
|
V-277995
|
Medium
|
Windows Server 2025 must use an antivirus program
|
|
V-277996
|
Medium
|
Windows Server 2025 must have a host-based intrusion detection and prevention service (IDPS) inst...
|
|
V-277997
|
High
|
Windows Server 2025 local volumes must use a format that supports New Technology File System (NTF...
|
|
V-277998
|
Medium
|
Windows Server 2025 permissions for the system drive root directory (usually C:\) must conform to...
|
|
V-277999
|
Medium
|
Windows Server 2025 permissions for program file directories must conform to minimum requirements
|
|
V-278000
|
Medium
|
Windows Server 2025 permissions for the Windows installation directory must conform to minimum re...
|
|
V-278001
|
Medium
|
Windows Server 2025 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained
|
|
V-278002
|
Low
|
Windows Server 2025 nonadministrative accounts or groups must only have print permissions on prin...
|
|
V-278003
|
Medium
|
Outdated or unused accounts on Windows Server 2025 must be removed or disabled
|
|
V-278004
|
Medium
|
Windows Server 2025 accounts must require passwords
|
|
V-278005
|
Medium
|
Windows Server 2025 passwords must be configured to expire
|
|
V-278006
|
Medium
|
Windows Server 2025 system files must be monitored for unauthorized changes
|
|
V-278007
|
Medium
|
Windows Server 2025 nonsystem-created file shares must limit access to groups that require it
|
|
V-278008
|
Medium
|
Windows Server 2025 must have software certificate installation files removed
|
|
V-278009
|
Medium
|
Windows Server 2025 systems requiring data at rest protections must employ cryptographic mechanis...
|
|
V-278010
|
Medium
|
Windows Server 2025 must implement protection methods such as TLS, encrypted VPNs, or IPsec if th...
|
|
V-278011
|
Medium
|
Windows Server 2025 must have the roles and features required by the system documented
|
|
V-278012
|
Medium
|
Windows Server 2025 must have a host-based firewall installed and enabled
|
|
V-278013
|
Medium
|
Windows Server 2025 must automatically remove or disable temporary user accounts after 72 hours
|
|
V-278014
|
Medium
|
Windows Server 2025 must automatically remove or disable emergency accounts after the crisis is r...
|
|
V-278015
|
Medium
|
Windows Server 2025 must not have the Fax Server role installed
|
|
V-278016
|
Medium
|
Windows Server 2025 must not have the Microsoft FTP service installed unless required by the orga...
|
|
V-278017
|
Medium
|
Windows Server 2025 must not have Wi-Fi enabled unless required by the organization
|
|
V-278018
|
Medium
|
Windows Server 2025 must not have Bluetooth enabled unless required by the organization
|
|
V-278019
|
Medium
|
Windows Server 2025 must not have the Peer Name Resolution Protocol installed
|
|
V-278020
|
Medium
|
Windows Server 2025 must not have Simple TCP/IP Services installed
|
|
V-278021
|
Medium
|
Windows Server 2025 must not have the Telnet Client installed
|
|
V-278022
|
Medium
|
Windows Server 2025 must not have the TFTP Client installed
|
|
V-278023
|
Medium
|
Windows Server 2025 must not have the Server Message Block (SMB) v1 protocol installed
|
|
V-278024
|
Medium
|
Windows Server 2025 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server
|
|
V-278025
|
Medium
|
Windows Server 2025 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client
|
|
V-278026
|
Medium
|
Windows Server 2025 must not have Windows PowerShell 2.0 installed
|
|
V-278027
|
Medium
|
Windows Server 2025 FTP servers must be configured to prevent anonymous logons
|
|
V-278028
|
Medium
|
Windows Server 2025 FTP servers must be configured to prevent access to the system drive
|
|
V-278029
|
Low
|
The Windows Server 2025 time service must synchronize with an appropriate DOD time source
|
|
V-278030
|
Medium
|
Windows Server 2025 must have orphaned security identifiers (SIDs) removed from user rights
|
|
V-278031
|
Medium
|
Windows Server 2025 systems must have Unified Extensible Firmware Interface (UEFI) firmware and b...
|
|
V-278032
|
Medium
|
Windows Server 2025 must have Secure Boot enabled
|
|
V-278033
|
Medium
|
Windows Server 2025 account lockout duration must be configured to 15 minutes or greater
|
|
V-278034
|
Medium
|
Windows Server 2025 must have the number of allowed bad logon attempts configured to three or less
|
|
V-278035
|
Medium
|
Windows Server 2025 must have the period of time before the bad logon counter is reset configured...
|
|
V-278036
|
Medium
|
Windows Server 2025 password history must be configured to 24 passwords remembered
|
|
V-278037
|
Medium
|
Windows Server 2025 maximum password age must be configured to 60 days or less
|
|
V-278038
|
Medium
|
Windows Server 2025 minimum password age must be configured to at least one day
|
|
V-278039
|
Medium
|
Windows Server 2025 must have the built-in Windows password complexity policy enabled
|
|
V-278040
|
High
|
Windows Server 2025 reversible password encryption must be disabled
|
|
V-278041
|
Medium
|
Windows Server 2025 audit records must be backed up to a different system or media than the syste...
|
|
V-278042
|
Medium
|
Windows Server 2025 must, at a minimum, off-load audit records of interconnected systems in real ...
|
|
V-278043
|
Medium
|
Windows Server 2025 permissions for the Application event log must prevent access by nonprivilege...
|
|
V-278044
|
Medium
|
Windows Server 2025 permissions for the Security event log must prevent access by nonprivileged a...
|
|
V-278045
|
Medium
|
Windows Server 2025 permissions for the System event log must prevent access by nonprivileged acc...
|
|
V-278046
|
Medium
|
Windows Server 2025 Event Viewer must be protected from unauthorized modification and deletion
|
|
V-278047
|
Medium
|
Windows Server 2025 must be configured to audit Account Logon - Credential Validation successes
|
|
V-278048
|
Medium
|
Windows Server 2025 must be configured to audit Account Logon - Credential Validation failures
|
|
V-278049
|
Medium
|
Windows Server 2025 must be configured to audit Account Management - Other Account Management Eve...
|
|
V-278050
|
Medium
|
Windows Server 2025 must be configured to audit Account Management - Security Group Management su...
|
|
V-278051
|
Medium
|
Windows Server 2025 must be configured to audit Account Management - User Account Management succ...
|
|
V-278052
|
Medium
|
Windows Server 2025 must be configured to audit Account Management - User Account Management fail...
|
|
V-278053
|
Medium
|
Windows Server 2025 must be configured to audit Detailed Tracking - Plug and Play Events successes
|
|
V-278054
|
Medium
|
Windows Server 2025 must be configured to audit Detailed Tracking - Process Creation successes
|
|
V-278055
|
Medium
|
Windows Server 2025 must be configured to audit Logon/Logoff - Account Lockout successes
|
|
V-278056
|
Medium
|
Windows Server 2025 must be configured to audit Logon/Logoff - Account Lockout failures
|
|
V-278057
|
Medium
|
Windows Server 2025 must be configured to audit Logon/Logoff - Group Membership successes
|
|
V-278058
|
Medium
|
Windows Server 2025 must be configured to audit logoff successes
|
|
V-278059
|
Medium
|
Windows Server 2025 must be configured to audit logon successes
|
|
V-278060
|
Medium
|
Windows Server 2025 must be configured to audit logon failures
|
|
V-278061
|
Medium
|
Windows Server 2025 must be configured to audit Logon/Logoff - Special Logon successes
|
|
V-278062
|
Medium
|
Windows Server 2025 must be configured to audit Object Access - Other Object Access Events successes
|
|
V-278063
|
Medium
|
Windows Server 2025 must be configured to audit Object Access - Other Object Access Events failures
|
|
V-278064
|
Medium
|
Windows Server 2025 must be configured to audit Object Access - Removable Storage successes
|
|
V-278065
|
Medium
|
Windows Server 2025 must be configured to audit Object Access - Removable Storage failures
|
|
V-278066
|
Medium
|
Windows Server 2025 must be configured to audit Policy Change - Audit Policy Change successes
|
|
V-278067
|
Medium
|
Windows Server 2025 must be configured to audit Policy Change - Audit Policy Change failures
|
|
V-278068
|
Medium
|
Windows Server 2025 must be configured to audit Policy Change - Authentication Policy Change succ...
|
|
V-278069
|
Medium
|
Windows Server 2025 must be configured to audit Policy Change - Authorization Policy Change succe...
|
|
V-278070
|
Medium
|
Windows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use successes
|
|
V-278071
|
Medium
|
Windows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use failures
|
|
V-278072
|
Medium
|
Windows Server 2025 must be configured to audit System - IPsec Driver successes
|
|
V-278073
|
Medium
|
Windows Server 2025 must be configured to audit System - IPsec Driver failures
|
|
V-278074
|
Medium
|
Windows Server 2025 must be configured to audit System - Other System Events successes
|
|
V-278075
|
Medium
|
Windows Server 2025 must be configured to audit System - Other System Events failures
|
|
V-278076
|
Medium
|
Windows Server 2025 must be configured to audit System - Security State Change successes
|
|
V-278077
|
Medium
|
Windows Server 2025 must be configured to audit System - Security System Extension successes
|
|
V-278078
|
Medium
|
Windows Server 2025 must be configured to audit System - System Integrity successes
|
|
V-278079
|
Medium
|
Windows Server 2025 must be configured to audit System - System Integrity failures
|
|
V-278080
|
Medium
|
Windows Server 2025 must prevent the display of slide shows on the lock screen
|
|
V-278082
|
Low
|
Windows Server 2025 Internet Protocol version 6 (IPv6) source routing must be configured to the h...
|
|
V-278083
|
Low
|
Windows Server 2025 source routing must be configured to the highest protection level to prevent ...
|
|
V-278084
|
Low
|
Windows Server 2025 must be configured to prevent Internet Control Message Protocol (ICMP) redire...
|
|
V-278085
|
Low
|
Windows Server 2025 must be configured to ignore NetBIOS name release requests except from WINS s...
|
|
V-278086
|
Medium
|
Windows Server 2025 insecure logons to an SMB server must be disabled
|
|
V-278087
|
Medium
|
Windows Server 2025 hardened Universal Naming Convention (UNC) paths must be defined to require m...
|
|
V-278088
|
Medium
|
Windows Server 2025 command line data must be included in process creation events
|
|
V-278089
|
Medium
|
Windows Server 2025 must be configured to enable Remote host allows delegation of nonexportable c...
|
|
V-278090
|
Medium
|
Windows Server 2025 virtualization-based security must be enabled with the platform security leve...
|
|
V-278091
|
Medium
|
Windows Server 2025 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven...
|
|
V-278092
|
Medium
|
Windows Server 2025 group policy objects must be reprocessed even if they have not changed
|
|
V-278093
|
Medium
|
Windows Server 2025 downloading print driver packages over HTTP must be turned off
|
|
V-278094
|
Medium
|
Windows Server 2025 printing over HTTP must be turned off
|
|
V-278095
|
Medium
|
Windows Server 2025 network selection user interface (UI) must not be displayed on the logon screen
|
|
V-278096
|
Medium
|
Windows Server 2025 users must be prompted to authenticate when the system wakes from sleep (on b...
|
|
V-278097
|
Medium
|
Windows Server 2025 users must be prompted to authenticate when the system wakes from sleep (plug...
|
|
V-278098
|
Low
|
Windows Server 2025 Application Compatibility Program Inventory must be prevented from collecting...
|
|
V-278099
|
High
|
Windows Server 2025 AutoPlay must be turned off for nonvolume devices
|
|
V-278100
|
High
|
Windows Server 2025 default AutoRun behavior must be configured to prevent AutoRun commands
|
|
V-278101
|
High
|
Windows Server 2025 AutoPlay must be disabled for all drives
|
|
V-278102
|
Medium
|
Windows Server 2025 administrator accounts must not be enumerated during elevation
|
|
V-278103
|
Medium
|
Windows Server 2025 Telemetry must be configured to limit diagnostic data sent to Microsoft
|
|
V-278104
|
Low
|
Windows Server 2025 Windows Update must not obtain updates from other PCs on the internet
|
|
V-278105
|
Medium
|
Windows Server 2025 Application event log size must be configured to 32768 KB or greater
|
|
V-278106
|
Medium
|
Windows Server 2025 Security event log size must be configured to 196608 KB or greater
|
|
V-278107
|
Medium
|
Windows Server 2025 System event log size must be configured to 32768 KB or greater
|
|
V-278108
|
Medium
|
Windows Server 2025 Microsoft Defender antivirus SmartScreen must be enabled
|
|
V-278109
|
Medium
|
Windows Server 2025 Explorer Data Execution Prevention must be enabled
|
|
V-278110
|
Low
|
Windows Server 2025 Turning off File Explorer heap termination on corruption must be disabled
|
|
V-278111
|
Medium
|
Windows Server 2025 File Explorer shell protocol must run in protected mode
|
|
V-278112
|
Medium
|
Windows Server 2025 must not save passwords in the Remote Desktop Client
|
|
V-278113
|
Medium
|
Windows Server 2025 Remote Desktop Services must prevent drive redirection
|
|
V-278114
|
Medium
|
Windows Server 2025 Remote Desktop Services must always prompt a client for passwords upon connec...
|
|
V-278115
|
Medium
|
Windows Server 2025 Remote Desktop Services must require secure Remote Procedure Call (RPC) commu...
|
|
V-278116
|
Medium
|
Windows Server 2025 Remote Desktop Services must be configured with the client connection encrypt...
|
|
V-278117
|
Medium
|
Windows Server 2025 must prevent attachments from being downloaded from RSS feeds
|
|
V-278118
|
Medium
|
Windows Server 2025 must disable Basic authentication for RSS feeds over HTTP
|
|
V-278119
|
Medium
|
Windows Server 2025 must prevent Indexing of encrypted files
|
|
V-278120
|
Medium
|
Windows Server 2025 must prevent users from changing installation options
|
|
V-278121
|
High
|
Windows Server 2025 must disable the Windows Installer Always install with elevated privileges op...
|
|
V-278122
|
Medium
|
Windows Server 2025 users must be notified if a web-based program attempts to install software
|
|
V-278123
|
Medium
|
Windows Server 2025 must disable automatically signing in the last interactive user after a syste...
|
|
V-278124
|
Medium
|
Windows Server 2025 PowerShell script block logging must be enabled
|
|
V-278125
|
High
|
Windows Server 2025 Windows Remote Management (WinRM) client must not use Basic authentication
|
|
V-278126
|
Medium
|
Windows Server 2025 Windows Remote Management (WinRM) client must not allow unencrypted traffic
|
|
V-278127
|
Medium
|
Windows Server 2025 Windows Remote Management (WinRM) client must not use Digest authentication
|
|
V-278128
|
High
|
Windows Server 2025 Windows Remote Management (WinRM) service must not use Basic authentication
|
|
V-278129
|
Medium
|
Windows Server 2025 Windows Remote Management (WinRM) service must not allow unencrypted traffic
|
|
V-278130
|
Medium
|
Windows Server 2025 Windows Remote Management (WinRM) service must not store RunAs credentials
|
|
V-278131
|
Medium
|
Windows Server 2025 must have PowerShell Transcription enabled
|
|
V-278132
|
High
|
Windows Server 2025 must only allow administrators responsible for the domain controller to have ...
|
|
V-278133
|
Medium
|
Windows Server 2025 Kerberos user logon restrictions must be enforced
|
|
V-278134
|
Medium
|
Windows Server 2025 Kerberos service ticket maximum lifetime must be limited to 600 minutes or less
|
|
V-278135
|
Medium
|
Windows Server 2025 Kerberos user ticket lifetime must be limited to 10 hours or less
|
|
V-278136
|
Medium
|
Windows Server 2025 Kerberos policy user ticket renewal maximum lifetime must be limited to seven...
|
|
V-278137
|
Medium
|
Windows Server 2025 computer clock synchronization tolerance must be limited to five minutes or less
|
|
V-278138
|
High
|
Windows Server 2025 permissions on the Active Directory data files must only allow system adminis...
|
|
V-278139
|
High
|
Windows Server 2025 Active Directory SYSVOL directory must have the proper access control permiss...
|
|
V-278140
|
High
|
Windows Server 2025 Active Directory (AD) Group Policy Objects (GPOs) must have proper access con...
|
|
V-278141
|
High
|
Windows Server 2025 Active Directory Domain Controllers Organizational Unit (OU) object must have...
|
|
V-278142
|
High
|
Windows Server 2025 organization created Active Directory Organizational Unit (OU) objects must h...
|
|
V-278143
|
Medium
|
Windows Server 2025 data files owned by users must be on a different logical partition from the d...
|
|
V-278144
|
Medium
|
Windows Server 2025 domain controllers must run on a machine dedicated to that function
|
|
V-278145
|
Medium
|
Windows Server 2025 must use separate, NSA-approved (Type 1) cryptography to protect the director...
|
|
V-278146
|
High
|
Windows Server 2025 directory data (outside the root DSE) of a nonpublic directory must be config...
|
|
V-278147
|
Low
|
Windows Server 2025 directory service must be configured to terminate LDAP-based network connecti...
|
|
V-278148
|
Medium
|
Windows Server 2025 Active Directory Group Policy Objects (GPOs) must be configured with proper a...
|
|
V-278149
|
Medium
|
Windows Server 2025 Active Directory (AD) Domain object must be configured with proper audit sett...
|
|
V-278150
|
Medium
|
Windows Server 2025 Active Directory (AD) Infrastructure object must be configured with proper au...
|
|
V-278151
|
Medium
|
Windows Server 2025 Active Directory (AD) Domain Controllers Organizational Unit (OU) object must...
|
|
V-278152
|
Medium
|
Windows Server 2025 Active Directory (AD) AdminSDHolder object must be configured with proper aud...
|
|
V-278153
|
Medium
|
Windows Server 2025 Active Directory (AD) RID Manager$ object must be configured with proper audi...
|
|
V-278154
|
Medium
|
Windows Server 2025 must be configured to audit Account Management - Computer Account Management ...
|
|
V-278155
|
Medium
|
Windows Server 2025 must be configured to audit DS Access - Directory Service Access successes
|
|
V-278156
|
Medium
|
Windows Server 2025 must be configured to audit DS Access - Directory Service Access failures
|
|
V-278157
|
Medium
|
Windows Server 2025 must be configured to audit DS Access - Directory Service Changes successes
|
|
V-278158
|
Medium
|
Windows Server 2025 must be configured to audit DS Access - Directory Service Changes failures
|
|
V-278159
|
Medium
|
Windows Server 2025 domain controllers must have a PKI server certificate
|
|
V-278160
|
High
|
Windows Server 2025 domain Controller PKI certificates must be issued by the DOD PKI or an approv...
|
|
V-278161
|
High
|
Windows Server 2025 PKI certificates associated with user accounts must be issued by a DOD PKI or...
|
|
V-278162
|
Medium
|
Windows Server 2025 Active Directory (AD) user accounts, including administrators, must be config...
|
|
V-278163
|
Medium
|
Windows Server 2025 domain controllers must require LDAP access signing
|
|
V-278164
|
Medium
|
Windows Server 2025 domain controllers must be configured to allow reset of machine account passw...
|
|
V-278165
|
Medium
|
The Windows Server 2025 "Access this computer from the network" user right must only be assigned ...
|
|
V-278166
|
Medium
|
The Windows Server 2025 "Add workstations to domain" user right must only be assigned to the Admi...
|
|
V-278167
|
Medium
|
The Windows Server 2025 "Allow log on through Remote Desktop Services" user right must only be as...
|
|
V-278168
|
Medium
|
The Windows Server 2025 "Deny access to this computer from the network" user right on domain cont...
|
|
V-278169
|
Medium
|
The Windows Server 2025 "Deny log on as a batch job" user right on domain controllers must be con...
|
|
V-278170
|
Medium
|
The Windows Server 2025 "Deny log on as a service" user right must be configured to include no ac...
|
|
V-278171
|
Medium
|
The Windows Server 2025 "Deny log on locally" user right on domain controllers must be configured...
|
|
V-278172
|
Medium
|
Windows Server 2025 must be configured for certificate-based authentication for domain controllers
|
|
V-278173
|
Medium
|
Windows Server 2025 must be configured for name-based strong mappings for certificates
|
|
V-278174
|
Medium
|
The Windows Server 2025 "Deny log on through Remote Desktop Services" user right on domain contro...
|
|
V-278175
|
Medium
|
The Windows Server 2025 "Enable computer and user accounts to be trusted for delegation" user rig...
|
|
V-278176
|
Medium
|
The password for the krbtgt account on a domain must be reset at least every 180 days
|
|
V-278177
|
High
|
Windows Server 2025 must only allow administrators responsible for the member server or stand-alo...
|
|
V-278178
|
Medium
|
Windows Server 2025 local administrator accounts must have their privileged token filtered to pre...
|
|
V-278179
|
Medium
|
Windows Server 2025 local users on domain-joined member servers must not be enumerated
|
|
V-278180
|
Medium
|
Windows Server 2025 must restrict unauthenticated Remote Procedure Call (RPC) clients from connec...
|
|
V-278181
|
Medium
|
Windows Server 2025 must limit the caching of logon credentials to four or less on domain-joined ...
|
|
V-278182
|
Medium
|
Windows Server 2025 must restrict remote calls to the Security Account Manager (SAM) to Administr...
|
|
V-278183
|
Medium
|
Windows Server 2025 "Access this computer from the network" user right must only be assigned to t...
|
|
V-278184
|
Medium
|
The Windows Server 2025 "Deny access to this computer from the network" user right on domain-join...
|
|
V-278185
|
Medium
|
Windows Server 2025 Deny log on as a batch job user right on domain-joined member servers must be...
|
|
V-278186
|
Medium
|
The Windows Server 2025 "Deny log on as a service" user right on domain-joined member servers mus...
|
|
V-278187
|
Medium
|
The Windows Server 2025 "Deny log on locally" user right on domain-joined member servers must be ...
|
|
V-278188
|
Medium
|
The Windows Server 2025 "Deny log on through Remote Desktop Services" user right on domain-joined...
|
|
V-278189
|
Medium
|
The Windows Server 2025 "Enable computer and user accounts to be trusted for delegation" user rig...
|
|
V-278190
|
High
|
Windows Server 2025 must be running Credential Guard on domain-joined member servers
|
|
V-278192
|
Medium
|
Windows Server 2025 must have the DOD Root Certificate Authority (CA) certificates installed in t...
|
|
V-278193
|
Medium
|
Windows Server 2025 must have the DOD Interoperability Root Certificate Authority (CA) cross-cert...
|
|
V-278194
|
Medium
|
Windows Server 2025 must have the US DOD CCEB Interoperability Root CA cross-certificates in the ...
|
|
V-278195
|
Medium
|
Windows Server 2025 must have the built-in guest account disabled
|
|
V-278196
|
High
|
Windows Server 2025 must prevent local accounts with blank passwords from being used from the net...
|
|
V-278197
|
Medium
|
The Windows Server 2025 built-in administrator account must be renamed
|
|
V-278198
|
Medium
|
The Windows Server 2025 built-in guest account must be renamed
|
|
V-278199
|
Medium
|
Windows Server 2025 must force audit policy subcategory settings to override audit policy categor...
|
|
V-278200
|
Medium
|
The Windows Server 2025 setting Domain member: Digitally encrypt or sign secure channel data (alw...
|
|
V-278201
|
Medium
|
Windows Server 2025 setting Domain member: Digitally encrypt secure channel data (when possible) ...
|
|
V-278202
|
Medium
|
The Windows Server 2025 setting Domain member: Digitally sign secure channel data (when possible)...
|
|
V-278203
|
Medium
|
Windows Server 2025 computer account password must not be prevented from being reset
|
|
V-278204
|
Medium
|
Windows Server 2025 maximum age for machine account passwords must be configured to 30 days or less
|
|
V-278205
|
Medium
|
Windows Server 2025 must be configured to require a strong session key
|
|
V-278206
|
Medium
|
Windows Server 2025 machine inactivity limit must be set to 15 minutes or less, locking the syste...
|
|
V-278207
|
Medium
|
The Windows Server 2025 required legal notice must be configured to display before console logon
|
|
V-278208
|
Low
|
Windows Server 2025 title for legal banner dialog box must be configured with the appropriate text
|
|
V-278209
|
Medium
|
The Windows Server 2025 Smart Card removal option must be configured to Force Logoff or Lock Work...
|
|
V-278210
|
Medium
|
The Windows Server 2025 setting Microsoft network client: Digitally sign communications (always) ...
|
|
V-278211
|
Medium
|
The Windows Server 2025 setting Microsoft network client: Digitally sign communications (if serve...
|
|
V-278212
|
Medium
|
Windows Server 2025 unencrypted passwords must not be sent to third-party Server Message Block (S...
|
|
V-278213
|
Medium
|
The Windows Server 2025 setting Microsoft network server: Digitally sign communications (always) ...
|
|
V-278214
|
Medium
|
The Windows Server 2025 setting Microsoft network server: Digitally sign communications (if clien...
|
|
V-278215
|
High
|
Windows Server 2025 must not allow anonymous SID/Name translation
|
|
V-278216
|
High
|
Windows Server 2025 must not allow anonymous enumeration of Security Account Manager (SAM) accounts
|
|
V-278217
|
High
|
Windows Server 2025 must not allow anonymous enumeration of shares
|
|
V-278218
|
Medium
|
Windows Server 2025 must be configured to prevent anonymous users from having the same permission...
|
|
V-278219
|
High
|
Windows Server 2025 must restrict anonymous access to Named Pipes and Shares
|
|
V-278220
|
Medium
|
Windows Server 2025 services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-278221
|
Medium
|
Windows Server 2025 must prevent NTLM from falling back to a Null session
|
|
V-278222
|
Medium
|
Windows Server 2025 must prevent PKU2U authentication using online identities
|
|
V-278223
|
Medium
|
Windows Server 2025 Kerberos encryption types must be configured to prevent the use of DES and RC...
|
|
V-278225
|
High
|
Windows Server 2025 LAN Manager authentication level must be configured to send NTLMv2 response o...
|
|
V-278226
|
Medium
|
Windows Server 2025 must be configured to at least negotiate signing for LDAP client signing
|
|
V-278227
|
Medium
|
Windows Server 2025 session security for NTLM SSP-based clients must be configured to require NTL...
|
|
V-278228
|
Medium
|
Windows Server 2025 session security for NTLM SSP-based servers must be configured to require NTL...
|
|
V-278229
|
Medium
|
Windows Server 2025 users must be required to enter a password to access private keys stored on t...
|
|
V-278230
|
Medium
|
Windows Server 2025 must be configured to use FIPS-compliant algorithms for encryption, hashing, ...
|
|
V-278231
|
Low
|
Windows Server 2025 default permissions of global system objects must be strengthened
|
|
V-278232
|
Medium
|
Windows Server 2025 User Account Control (UAC) approval mode for the built-in Administrator must ...
|
|
V-278233
|
Medium
|
Windows Server 2025 UIAccess applications must not be allowed to prompt for elevation without usi...
|
|
V-278234
|
Medium
|
Windows Server 2025 User Account Control (UAC) must, at a minimum, prompt administrators for cons...
|
|
V-278235
|
Medium
|
Windows Server 2025 User Account Control (UAC) must automatically deny standard user requests for...
|
|
V-278236
|
Medium
|
Windows Server 2025 User Account Control (UAC) must be configured to detect application installat...
|
|
V-278237
|
Medium
|
Windows Server 2025 User Account Control (UAC) must only elevate UIAccess applications that are i...
|
|
V-278238
|
Medium
|
Windows Server 2025 User Account Control (UAC) must run all administrators in Admin Approval Mode...
|
|
V-278239
|
Medium
|
Windows Server 2025 User Account Control (UAC) must virtualize file and registry write failures t...
|
|
V-278240
|
Medium
|
Windows Server 2025 must preserve zone information when saving attachments
|
|
V-278241
|
Medium
|
The Windows Server 2025 "Access Credential Manager as a trusted caller" user right must not be as...
|
|
V-278242
|
High
|
The Windows Server 2025 "Act as part of the operating system" user right must not be assigned to ...
|
|
V-278243
|
Medium
|
The Windows Server 2025 "Allow log on locally" user right must only be assigned to the Administra...
|
|
V-278244
|
Medium
|
The Windows Server 2025 "Back up files and directories" user right must only be assigned to the A...
|
|
V-278245
|
Medium
|
The Windows Server 2025 "Create a pagefile" user right must only be assigned to the Administrator...
|
|
V-278246
|
High
|
The Windows Server 2025 "Create a token object" user right must not be assigned to any groups or ...
|
|
V-278247
|
Medium
|
The Windows Server 2025 "Create global objects" user right must only be assigned to Administrator...
|
|
V-278248
|
Medium
|
The Windows Server 2025 "Create permanent shared objects" user right must not be assigned to any ...
|
|
V-278249
|
Medium
|
The Windows Server 2025 "Create symbolic links" user right must only be assigned to the Administr...
|
|
V-278250
|
High
|
The Windows Server 2025 "Debug programs" user right must only be assigned to the Administrators g...
|
|
V-278251
|
Medium
|
The Windows Server 2025 "Force shutdown from a remote system" user right must only be assigned to...
|
|
V-278252
|
Medium
|
The Windows Server 2025 "Generate security audits" user right must only be assigned to Local Serv...
|
|
V-278253
|
Medium
|
The Windows Server 2025 "Impersonate a client after authentication" user right must only be assig...
|
|
V-278254
|
Medium
|
The Windows Server 2025 "Increase scheduling priority" user right must only be assigned to the Ad...
|
|
V-278255
|
Medium
|
The Windows Server 2025 "Load and unload device drivers" user right must only be assigned to the ...
|
|
V-278256
|
Medium
|
The Windows Server 2025 "Lock pages in memory" user right must not be assigned to any groups or a...
|
|
V-278257
|
Medium
|
The Windows Server 2025 "Manage auditing and security log" user right must only be assigned to th...
|
|
V-278258
|
Medium
|
The Windows Server 2025 "Modify firmware environment values" user right must only be assigned to ...
|
|
V-278259
|
Medium
|
The Windows Server 2025 "Perform volume maintenance tasks" user right must only be assigned to th...
|
|
V-278260
|
Medium
|
The Windows Server 2025 "Profile single process" user right must only be assigned to the Administ...
|
|
V-278261
|
Medium
|
The Windows Server 2025 "Restore files and directories" user right must only be assigned to the A...
|
|
V-278262
|
Medium
|
The Windows Server 2025 "Take ownership of files or other objects" user right must only be assign...
|
|
V-279916
|
Medium
|
Windows Server 2025 must be configured to audit file system failures
|
|
V-279917
|
Medium
|
Windows Server 2025 must be configured to audit file system successes
|
|
V-279918
|
Medium
|
Windows Server 2025 must be configured to audit handle manipulation failures
|
|
V-279919
|
Medium
|
Windows Server 2025 must be configured to audit handle manipulation successes
|
|
V-279920
|
Medium
|
Windows Server 2025 must be configured to audit registry failures
|
|
V-279921
|
Medium
|
Windows Server 2025 must be configured to audit registry successes
|
|
V-279922
|
Medium
|
Windows Server 2025 must be configured to audit sensitive privilege use successes
|
|
V-279923
|
Medium
|
Windows Server 2025 must be configured to audit sensitive privilege use failures
|