Vulnerability ID | Severity | Description |
V-254247 | Medium | Windows Server 2022 must be maintained at a supported servicing level |
V-254355 | Medium | Windows Server 2022 administrator accounts must not be enumerated during elevation |
V-205714 | Medium | Windows Server 2019 administrator accounts must not be enumerated during elevation |
V-253391 | Medium | Windows 11 administrator accounts must not be enumerated during elevation |
V-220832 | Medium | Windows 10 administrator accounts must not be enumerated during elevation |
V-205751 | Medium | Windows Server 2019 back up files and directories user right must only be assigned to the Adminis... |
V-254289 | Medium | Windows Server 2022 maximum password age must be configured to 60 days or less |
V-205659 | Medium | Windows Server 2019 maximum password age must be configured to 60 days or less |
V-253301 | Medium | The maximum password age must be configured to 60 days or less |
V-220743 | Medium | The maximum password age must be configured to 60 days or less. |
V-254447 | Medium | Windows Server 2022 built-in administrator account must be renamed |
V-205909 | Medium | Windows Server 2019 built-in administrator account must be renamed |
V-253435 | Medium | The built-in administrator account must be renamed |
V-220911 | Medium | The built-in administrator account must be renamed |
V-254291 | Medium | Windows Server 2022 minimum password length must be configured to 14 characters |
V-205662 | Medium | Windows Server 2019 minimum password length must be configured to 14 characters |
V-253303 | Medium | Passwords must, at a minimum, be 14 characters |
V-220745 | Medium | Passwords must, at a minimum, be 14 characters |
V-254290 | Medium | Windows Server 2022 minimum password age must be configured to at least one day |
V-205656 | Medium | Windows Server 2019 minimum password age must be configured to at least one day. |
V-253302 | Medium | The minimum password age must be configured to at least 1 day |
V-220744 | Medium | The minimum password age must be configured to at least 1 day |
V-254448 | Medium | Windows Server 2022 built-in guest account must be renamed |
V-205910 | Medium | Windows Server 2019 built-in guest account must be renamed |
V-220912 | Medium | The built-in guest account must be renamed |
V-253436 | Medium | The built-in guest account must be renamed |
V-254424 | Medium | Windows Server 2022 Deny log on locally user right on domain controllers must be configured to pr... |
V-254438 | Medium | Windows Server 2022 Deny log on locally user right on domain-joined member servers must be config... |
V-205670 | Medium | Windows Server 2019 Deny log on locally user right on domain controllers must be configured to pr... |
V-205675 | Medium | Windows Server 2019 Deny log on locally user right on domain-joined member servers must be config... |
V-220971 | Medium | The Deny log on locally user right on workstations must be configured to prevent access from high... |
V-253494 | Medium | The "Deny log on locally" user right on workstations must be configured to prevent access from hi... |
V-254440 | Medium | Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right mus... |
V-205748 | Medium | Windows Server 2019 "Enable computer and user accounts to be trusted for delegation" user right m... |
V-220973 | Medium | The Enable computer and user accounts to be trusted for delegation user right must not be assigne... |
V-253496 | Medium | The "Enable computer and user accounts to be trusted for delegation" user right must not be assig... |
V-254426 | Medium | Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right mus... |
V-205745 | Medium | Windows Server 2019 Enable computer and user accounts to be trusted for delegation user right mus... |
V-220910 | Medium | Local accounts with blank passwords must be restricted to prevent access from the network |
V-253434 | Medium | Local accounts with blank passwords must be restricted to prevent access from the network |
V-254429 | Medium | Windows Server 2022 local administrator accounts must have their privileged token filtered to pre... |
V-205715 | Medium | Windows Server 2019 local administrator accounts must have their privileged token filtered to pre... |
V-253357 | Medium | Local administrator accounts must have their privileged token filtered to prevent elevated privil... |
V-220799 | Medium | Local administrator accounts must have their privileged token filtered to prevent elevated privil... |
V-253432 | Medium | The built-in administrator account must be disabled. |
V-220908 | Medium | The built-in administrator account must be disabled |
V-254445 | Medium | Windows Server 2022 must have the built-in guest account disabled |
V-205709 | Medium | Windows Server 2019 must have the built-in guest account disabled |
V-253433 | Medium | The built-in guest account must be disabled |
V-220909 | Medium | The built-in guest account must be disabled |
V-254372 | Medium | Windows Server 2022 must prevent Indexing of encrypted files |
V-205694 | Medium | Windows Server 2019 must prevent Indexing of encrypted files |
V-253409 | Medium | Indexing of encrypted files must be turned off |
V-220855 | Medium | Indexing of encrypted files must be turned off |
V-254494 | Medium | Windows Server 2022 back up files and directories user right must only be assigned to the Adminis... |
V-253483 | Medium | The "Back up files and directories" user right must only be assigned to the Administrators group |
V-220960 | Medium | The Back up files and directories user right must only be assigned to the Administrators group |
V-254317 | Medium | Windows Server 2022 must be configured to audit Object Access - Removable Storage successes |
V-205840 | Medium | Windows Server 2019 must be configured to audit Object Access - Removable Storage successes |
V-253324 | Medium | The system must be configured to audit Object Access - Removable Storage successes |
V-220766 | Medium | The system must be configured to audit Object Access - Removable Storage successes |
V-254285 | Medium | Windows Server 2022 account lockout duration must be configured to 15 minutes or greater |
V-205795 | Medium | Windows Server 2019 account lockout duration must be configured to 15 minutes or greater |
V-253297 | Medium | Windows 11 account lockout duration must be configured to 15 minutes or greater |
V-220739 | Medium | Windows 10 account lockout duration must be configured to 15 minutes or greater |
V-254342 | Medium | Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable c... |
V-205863 | Medium | Windows Server 2019 must be configured to enable Remote host allows delegation of non-exportable ... |
V-253368 | Medium | Windows 11 must be configured to enable Remote host allows delegation of non-exportable credentials |
V-220810 | Medium | Windows 10 must be configured to enable Remote host allows delegation of non-exportable credentials |
V-254376 | Medium | Windows Server 2022 must disable automatically signing in the last interactive user after a syste... |
V-205925 | Medium | Windows Server 2019 must disable automatically signing in the last interactive user after a syste... |
V-253413 | Medium | Automatically signing in the last interactive user after a system-initiated restart must be disabled |
V-220859 | Medium | Automatically signing in the last interactive user after a system-initiated restart must be disabled |
V-254292 | Medium | Windows Server 2022 must have the built-in Windows password complexity policy enabled |
V-205652 | Medium | Windows Server 2019 must have the built-in Windows password complexity policy enabled |
V-253304 | Medium | The built-in Microsoft password complexity filter must be enabled |
V-220746 | Medium | The built-in Microsoft password complexity filter must be enabled |
V-254287 | Medium | Windows Server 2022 must have the period of time before the bad logon counter is reset configured... |
V-205630 | Medium | Windows Server 2019 must have the period of time before the bad logon counter is reset configured... |
V-253299 | Medium | The period of time before the bad logon counter is reset must be configured to 15 minutes |
V-220741 | Medium | The period of time before the bad logon counter is reset must be configured to 15 minutes |
V-254257 | Medium | Windows Server 2022 accounts must require passwords |
V-205700 | Medium | Windows Server 2019 accounts must require passwords |
V-254453 | Medium | Windows Server 2022 computer account password must not be prevented from being reset |
V-205815 | Medium | Windows Server 2019 computer account password must not be prevented from being reset |
V-254286 | Medium | Windows Server 2022 must have the number of allowed bad logon attempts configured to three or less |
V-205629 | Medium | Windows Server 2019 must have the number of allowed bad logon attempts configured to three or less |
V-253298 | Medium | The number of allowed bad logon attempts must be configured to three or less |
V-220740 | Medium | The number of allowed bad logon attempts must be configured to 3 or less |
V-254483 | Medium | Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without usi... |
V-205716 | Medium | Windows Server 2019 UIAccess applications must not be allowed to prompt for elevation without usi... |
V-254482 | Medium | Windows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must ... |
V-205811 | Medium | Windows Server 2019 User Account Control approval mode for the built-in Administrator must be ena... |
V-253468 | Medium | User Account Control approval mode for the built-in Administrator must be enabled |
V-220944 | Medium | User Account Control approval mode for the built-in Administrator must be enabled |
V-254485 | Medium | Windows Server 2022 User Account Control (UAC) must automatically deny standard user requests for... |
V-205812 | Medium | Windows Server 2019 User Account Control must automatically deny standard user requests for eleva... |
V-253471 | Medium | User Account Control must automatically deny elevation requests for standard users |
V-220947 | Medium | User Account Control must automatically deny elevation requests for standard users |
V-254488 | Medium | Windows Server 2022 User Account Control (UAC) must run all administrators in Admin Approval Mode... |
V-205813 | Medium | Windows Server 2019 User Account Control must run all administrators in Admin Approval Mode, enab... |
V-253474 | Medium | User Account Control must run all administrators in Admin Approval Mode, enabling UAC |
V-220950 | Medium | User Account Control must run all administrators in Admin Approval Mode, enabling UAC |
V-254486 | Medium | Windows Server 2022 User Account Control (UAC) must be configured to detect application installat... |
V-205718 | Medium | Windows Server 2019 User Account Control must be configured to detect application installations a... |
V-253472 | Medium | User Account Control must be configured to detect application installations and prompt for elevation |
V-220948 | Medium | User Account Control must be configured to detect application installations and prompt for elevation |
V-254489 | Medium | Windows Server 2022 User Account Control (UAC) must virtualize file and registry write failures t... |
V-205720 | Medium | Windows Server 2019 User Account Control (UAC) must virtualize file and registry write failures t... |
V-253475 | Medium | User Account Control must virtualize file and registry write failures to per-user locations |
V-220951 | Medium | User Account Control must virtualize file and registry write failures to per-user locations |
V-254484 | Medium | Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for cons... |
V-205717 | Medium | Windows Server 2019 User Account Control must, at a minimum, prompt administrators for consent on... |
V-253469 | Medium | User Account Control must prompt administrators for consent on the secure desktop |
V-220945 | Medium | User Account Control must, at minimum, prompt administrators for consent on the secure desktop |
V-254487 | Medium | Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are i... |
V-205719 | Medium | Windows Server 2019 User Account Control (UAC) must only elevate UIAccess applications that are i... |
V-253473 | Medium | User Account Control must only elevate UIAccess applications that are installed in secure locations |
V-220949 | Medium | User Account Control must only elevate UIAccess applications that are installed in secure locations |
V-254349 | Medium | Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (on b... |
V-205867 | Medium | Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (on b... |
V-253380 | Medium | Users must be prompted for a password on resume from sleep (on battery) |
V-220821 | Medium | Users must be prompted for a password on resume from sleep (on battery) |
V-254350 | Medium | Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (plug... |
V-205868 | Medium | Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (plug... |
V-253381 | Medium | The user must be prompted for a password on resume from sleep (plugged in) |
V-220822 | Medium | The user must be prompted for a password on resume from sleep (plugged in) |
V-254479 | Medium | Windows Server 2022 users must be required to enter a password to access private keys stored on t... |
V-205651 | Medium | Windows Server 2019 users must be required to enter a password to access private keys stored on t... |
V-254341 | Medium | Windows Server 2022 command line data must be included in process creation events |
V-205638 | Medium | Windows Server 2019 command line data must be included in process creation events |
V-220809 | Medium | Command line data must be included in process creation events |
V-253367 | Medium | Command line data must be included in process creation events |
V-254299 | Medium | Windows Server 2022 Event Viewer must be protected from unauthorized modification and deletion |
V-205731 | Medium | Windows Server 2019 Event Viewer must be protected from unauthorized modification and deletion |
V-254358 | Medium | Windows Server 2022 Application event log size must be configured to 32768 KB or greater |
V-205796 | Medium | Windows Server 2019 Application event log size must be configured to 32768 KB or greater |
V-253337 | Medium | The Application event log size must be configured to 32768 KB or greater |
V-220779 | Medium | The Application event log size must be configured to 32768 KB or greater |
V-254359 | Medium | Windows Server 2022 Security event log size must be configured to 196608 KB or greater |
V-205797 | Medium | Windows Server 2019 Security event log size must be configured to 196608 KB or greater |
V-253338 | Medium | The Security event log size must be configured to 1024000 KB or greater |
V-220780 | Medium | The Security event log size must be configured to 1024000 KB or greater |
V-254360 | Medium | Windows Server 2022 System event log size must be configured to 32768 KB or greater |
V-205798 | Medium | Windows Server 2019 System event log size must be configured to 32768 KB or greater |
V-253339 | Medium | The System event log size must be configured to 32768 KB or greater |
V-220781 | Medium | The System event log size must be configured to 32768 KB or greater |
V-254449 | Medium | Windows Server 2022 must force audit policy subcategory settings to override audit policy categor... |
V-205644 | Medium | Windows Server 2019 must force audit policy subcategory settings to override audit policy categor... |
V-253437 | Medium | Audit policy using subcategories must be enabled |
V-220913 | Medium | Audit policy using subcategories must be enabled |
V-254297 | Medium | Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged a... |
V-205641 | Medium | Windows Server 2019 permissions for the Security event log must prevent access by non-privileged ... |
V-253341 | Medium | Windows 11 permissions for the Security event log must prevent access by non-privileged accounts |
V-220783 | Medium | Windows 10 permissions for the Security event log must prevent access by non-privileged accounts |
V-254298 | Medium | Windows Server 2022 permissions for the System event log must prevent access by nonprivileged acc... |
V-205642 | Medium | Windows Server 2019 permissions for the System event log must prevent access by non-privileged ac... |
V-253342 | Medium | Windows 11 permissions for the System event log must prevent access by non-privileged accounts |
V-220784 | Medium | Windows 10 permissions for the System event log must prevent access by non-privileged accounts |
V-220828 | Medium | The default autorun behavior must be configured to prevent autorun commands |
V-205624 | Medium | Windows Server 2019 must automatically remove or disable temporary user accounts after 72 hours |
V-254334 | Medium | Windows Server 2022 must have WDigest Authentication disabled |
V-205687 | Medium | Windows Server 2019 must have WDigest Authentication disabled |
V-253358 | Medium | WDigest Authentication must be disabled |
V-220800 | Medium | WDigest Authentication must be disabled |
V-254417 | Medium | Windows Server 2022 domain controllers must be configured to allow reset of machine account passw... |
V-205876 | Medium | Windows Server 2019 domain controllers must be configured to allow reset of machine account passw... |
V-254416 | Medium | Windows Server 2022 domain controllers must require LDAP access signing |
V-205820 | Medium | Windows Server 2019 domain controllers must require LDAP access signing |
V-254427 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
V-205877 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
V-254432 | Medium | Windows Server 2022 must limit the caching of logon credentials to four or less on domain-joined ... |
V-205906 | Medium | Windows Server 2019 must limit the caching of logon credentials to four or less on domain-joined ... |
V-254450 | Medium | Windows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always)... |
V-205821 | Medium | Windows Server 2019 setting Domain member: Digitally encrypt or sign secure channel data (always)... |
V-254451 | Medium | Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) ... |
V-205822 | Medium | Windows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) ... |
V-254452 | Medium | Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) mus... |
V-205823 | Medium | Windows Server 2019 setting Domain member: Digitally sign secure channel data (when possible) mus... |
V-254345 | Medium | Windows Server 2022 group policy objects must be reprocessed even if they have not changed |
V-205866 | Medium | Windows Server 2019 group policy objects must be reprocessed even if they have not changed |
V-253373 | Medium | Group Policy objects must be reprocessed even if they have not changed |
V-220814 | Medium | Group Policy objects must be reprocessed even if they have not changed |
V-254340 | Medium | Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
V-205862 | Medium | Windows Server 2019 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
V-253362 | Medium | Hardened UNC Paths must be defined to require mutual authentication and integrity for at least th... |
V-250319 | Medium | Hardened UNC paths must be defined to require mutual authentication and integrity for at least th... |
V-254430 | Medium | Windows Server 2022 local users on domain-joined member servers must not be enumerated |
V-205696 | Medium | Windows Server 2019 local users on domain-joined member servers must not be enumerated |
V-253379 | Medium | Local users on domain-joined computers must not be enumerated |
V-220820 | Medium | Local users on domain-joined computers must not be enumerated |
V-254454 | Medium | Windows Server 2022 maximum age for machine account passwords must be configured to 30 days or less |
V-205911 | Medium | Windows Server 2019 maximum age for machine account passwords must be configured to 30 days or less |
V-254476 | Medium | Windows Server 2022 must be configured to at least negotiate signing for LDAP client signing |
V-205920 | Medium | Windows Server 2019 must be configured to at least negotiate signing for LDAP client signing |
V-253463 | Medium | The system must be configured to the required LDAP client signing level |
V-220939 | Medium | The system must be configured to the required LDAP client signing level |
V-254364 | Medium | Windows Server 2022 File Explorer shell protocol must run in protected mode |
V-205872 | Medium | Windows Server 2019 File Explorer shell protocol must run in protected mode |
V-253398 | Medium | File Explorer shell protocol must run in protected mode |
V-220839 | Medium | File Explorer shell protocol must run in protected mode |
V-254248 | Medium | Windows Server 2022 must use an antivirus program |
V-254346 | Medium | Windows Server 2022 downloading print driver packages over HTTP must be turned off |
V-205688 | Medium | Windows Server 2019 downloading print driver packages over HTTP must be turned off |
V-253374 | Medium | Downloading print driver packages over HTTP must be prevented |
V-220815 | Medium | Downloading print driver packages over HTTP must be prevented |
V-254344 | Medium | Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
V-205865 | Medium | Windows Server 2019 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
V-253372 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers |
V-220813 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers |
V-254456 | Medium | Windows Server 2022 machine inactivity limit must be set to 15 minutes or less, locking the syste... |
V-205633 | Medium | Windows Server 2019 machine inactivity limit must be set to 15 minutes or less, locking the syste... |
V-253444 | Medium | The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver |
V-220920 | Medium | The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver |
V-254347 | Medium | Windows Server 2022 printing over HTTP must be turned off |
V-205689 | Medium | Windows Server 2019 printing over HTTP must be turned off |
V-253376 | Medium | Printing over HTTP must be prevented |
V-220817 | Medium | Printing over HTTP must be prevented |
V-253395 | Medium | The Microsoft Defender SmartScreen for Explorer must be enabled |
V-220836 | Medium | The Windows Defender SmartScreen for Explorer must be enabled |
V-254361 | Medium | Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled |
V-205692 | Medium | Windows Server 2019 Windows Defender SmartScreen must be enabled |
V-254333 | Medium | Windows Server 2022 must prevent the display of slide shows on the lock screen |
V-205686 | Medium | Windows Server 2019 must prevent the display of slide shows on the lock screen |
V-254265 | Medium | Windows Server 2022 must have a host-based firewall installed and enabled |
V-253281 | Medium | A host-based firewall must be installed and enabled on the system |
V-220724 | Medium | A host-based firewall must be installed and enabled on the system |
V-214936 | Medium | Windows Server 2019 must have a host-based firewall installed and enabled |
V-254371 | Medium | Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP |
V-205693 | Medium | Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP |
V-253408 | Medium | Basic authentication for RSS feeds over HTTP must not be used |
V-220854 | Medium | Basic authentication for RSS feeds over HTTP must not be used |
V-223079 | Medium | Checking for signatures on downloaded programs must be enforced |
V-223077 | Medium | Software must be disallowed to run or install with invalid signatures |
V-254348 | Medium | Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen |
V-205690 | Medium | Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen |
V-253378 | Medium | The network selection user interface (UI) must not be displayed on the logon screen |
V-220819 | Medium | The network selection user interface (UI) must not be displayed on the logon screen |
V-254370 | Medium | Windows Server 2022 must prevent attachments from being downloaded from RSS feeds |
V-205873 | Medium | Windows Server 2019 must prevent attachments from being downloaded from RSS feeds |
V-253407 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
V-220853 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
V-254457 | Medium | Windows Server 2022 required legal notice must be configured to display before console logon |
V-253445 | Medium | The required legal notice must be configured to display before console logon |
V-205631 | Medium | Windows Server 2019 required legal notice must be configured to display before console logon |
V-220921 | Medium | The required legal notice must be configured to display before console logon |
V-220844 | Medium | The Windows Defender SmartScreen filter for Microsoft Edge must be enabled |
V-220841 | Medium | Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified f... |
V-220840 | Medium | Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious we... |
V-254339 | Medium | Windows Server 2022 insecure logons to an SMB server must be disabled |
V-205861 | Medium | Windows Server 2019 insecure logons to an SMB server must be disabled |
V-253360 | Medium | Insecure logons to an SMB server must be disabled |
V-220802 | Medium | Insecure logons to an SMB server must be disabled |
V-254473 | Medium | Windows Server 2022 Kerberos encryption types must be configured to prevent the use of DES and RC... |
V-205708 | Medium | Windows Server 2019 Kerberos encryption types must be configured to prevent the use of DES and RC... |
V-253460 | Medium | Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites |
V-220936 | Medium | Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites |
V-254460 | Medium | Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must... |
V-205825 | Medium | Windows Server 2019 setting Microsoft network client: Digitally sign communications (always) must... |
V-254461 | Medium | Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server ag... |
V-205826 | Medium | Windows Server 2019 setting Microsoft network client: Digitally sign communications (if server ag... |
V-254463 | Medium | Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must... |
V-205827 | Medium | Windows Server 2019 setting Microsoft network server: Digitally sign communications (always) must... |
V-254464 | Medium | Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client ag... |
V-205828 | Medium | Windows Server 2019 setting Microsoft network server: Digitally sign communications (if client ag... |
V-254468 | Medium | Windows Server 2022 must be configured to prevent anonymous users from having the same permission... |
V-205915 | Medium | Windows Server 2019 must be configured to prevent anonymous users from having the same permission... |
V-253455 | Medium | The system must be configured to prevent anonymous users from having the same rights as the Every... |
V-254277 | Medium | Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client |
V-205684 | Medium | Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client |
V-253288 | Medium | The Server Message Block (SMB) v1 protocol must be disabled on the SMB client |
V-220731 | Medium | The Server Message Block (SMB) v1 protocol must be disabled on the SMB client |
V-254276 | Medium | Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server |
V-205683 | Medium | Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server |
V-253287 | Medium | The Server Message Block (SMB) v1 protocol must be disabled on the SMB server |
V-220730 | Medium | The Server Message Block (SMB) v1 protocol must be disabled on the SMB server |
V-254471 | Medium | Windows Server 2022 must prevent NTLM from falling back to a Null session |
V-205917 | Medium | Windows Server 2019 must prevent NTLM from falling back to a Null session |
V-253458 | Medium | NTLM must be prevented from falling back to a Null session |
V-220934 | Medium | NTLM must be prevented from falling back to a Null session |
V-254433 | Medium | Windows Server 2022 must restrict remote calls to the Security Account Manager (SAM) to Administr... |
V-205747 | Medium | Windows Server 2019 must restrict remote calls to the Security Account Manager (SAM) to Administr... |
V-253457 | Medium | Remote calls to the Security Account Manager (SAM) must be restricted to Administrators |
V-220933 | Medium | Remote calls to the Security Account Manager (SAM) must be restricted to Administrators |
V-254470 | Medium | Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authent... |
V-205916 | Medium | Windows Server 2019 services using Local System that use Negotiate when reverting to NTLM authent... |
V-254477 | Medium | Windows Server 2022 session security for NTLM SSP-based clients must be configured to require NTL... |
V-205921 | Medium | Windows Server 2019 session security for NTLM SSP-based clients must be configured to require NTL... |
V-254478 | Medium | Windows Server 2022 session security for NTLM SSP-based servers must be configured to require NTL... |
V-205922 | Medium | Windows Server 2019 session security for NTLM SSP-based servers must be configured to require NTL... |
V-254462 | Medium | Windows Server 2022 unencrypted passwords must not be sent to third-party Server Message Block (S... |
V-205655 | Medium | Windows Server 2019 unencrypted passwords must not be sent to third-party Server Message Block (S... |
V-253450 | Medium | Unencrypted passwords must not be sent to third-party SMB Servers |
V-220926 | Medium | Unencrypted passwords must not be sent to third-party SMB Servers |
V-254275 | Medium | Windows Server 2022 must not have the Server Message Block (SMB) v1 protocol installed |
V-205682 | Medium | Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed |
V-253353 | Medium | IPv6 source routing must be configured to highest protection |
V-220795 | Medium | IPv6 source routing must be configured to highest protection |
V-254272 | Medium | Windows Server 2022 must not have Simple TCP/IP Services installed |
V-205680 | Medium | Windows Server 2019 must not have Simple TCP/IP Services installed |
V-253277 | Medium | Simple TCP/IP Services must not be installed on the system |
V-220720 | Medium | Simple TCP/IP Services must not be installed on the system |
V-254288 | Medium | Windows Server 2022 password history must be configured to 24 passwords remembered |
V-205660 | Medium | Windows Server 2019 password history must be configured to 24 passwords remembered |
V-253300 | Medium | The password history must be configured to 24 passwords remembered |
V-220742 | Medium | The password history must be configured to 24 passwords remembered |
V-254258 | Medium | Windows Server 2022 passwords must be configured to expire |
V-205658 | Medium | Windows Server 2019 passwords must be configured to expire |
V-253273 | Medium | Accounts must be configured to require password expiration |
V-220716 | Medium | Accounts must be configured to require password expiration |
V-254377 | Medium | Windows Server 2022 PowerShell script block logging must be enabled |
V-205639 | Medium | Windows Server 2019 PowerShell script block logging must be enabled |
V-253414 | Medium | PowerShell script block logging must be enabled on Windows 11 |
V-220860 | Medium | PowerShell script block logging must be enabled on Windows 10 |
V-254278 | Medium | Windows Server 2022 must not have Windows PowerShell 2.0 installed |
V-205685 | Medium | Windows Server 2019 must not have Windows PowerShell 2.0 installed |
V-253285 | Medium | The Windows PowerShell 2.0 feature must be disabled on the system |
V-220728 | Medium | The Windows PowerShell 2.0 feature must be disabled on the system |
V-205869 | Medium | Windows Server 2019 Telemetry must be configured to Security or Basic |
V-253393 | Medium | Windows Telemetry must not be configured to Full |
V-220834 | Medium | Windows Telemetry must not be configured to Full |
V-254367 | Medium | Windows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connec... |
V-205809 | Medium | Windows Server 2019 Remote Desktop Services must always prompt a client for passwords upon connec... |
V-253404 | Medium | Remote Desktop Services must always prompt a client for passwords upon connection |
V-220850 | Medium | Remote Desktop Services must always prompt a client for passwords upon connection |