| Vulnerability ID | Severity | Description |
| --- | --- | --- |
| V-254247 | Medium | Windows Server 2022 must be maintained at a supported servicing level |
| V-205849 | High | Windows Server 2019 must be maintained at a supported servicing level |
| V-253263 | High | Windows 11 systems must be maintained at a supported servicing level |
| V-220706 | High | Windows 10 systems must be maintained at a supported servicing level |
| V-253435 | Medium | The built-in administrator account must be renamed |
| V-220911 | Medium | The built-in administrator account must be renamed |
| V-254448 | Medium | Windows Server 2022 built-in guest account must be renamed |
| V-205910 | Medium | Windows Server 2019 built-in guest account must be renamed |
| V-220912 | Medium | The built-in guest account must be renamed |
| V-253436 | Medium | The built-in guest account must be renamed |
| V-205908 | High | Windows Server 2019 must prevent local accounts with blank passwords from being used from the net... |
| V-254446 | High | Windows Server 2022 must prevent local accounts with blank passwords from being used from the net... |
| V-220910 | Medium | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-253434 | Medium | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-254342 | Medium | Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable c... |
| V-205863 | Medium | Windows Server 2019 must be configured to enable Remote host allows delegation of non-exportable ... |
| V-253368 | Medium | Windows 11 must be configured to enable Remote host allows delegation of non-exportable credentials |
| V-220810 | Medium | Windows 10 must be configured to enable Remote host allows delegation of non-exportable credentials |
| V-260469 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence |
| V-253441 | Low | The computer account password must not be prevented from being reset |
| V-220917 | Low | The computer account password must not be prevented from being reset |
| V-254349 | Medium | Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (on b... |
| V-205867 | Medium | Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (on b... |
| V-254350 | Medium | Windows Server 2022 users must be prompted to authenticate when the system wakes from sleep (plug... |
| V-205868 | Medium | Windows Server 2019 users must be prompted to authenticate when the system wakes from sleep (plug... |
| V-205876 | Medium | Windows Server 2019 domain controllers must be configured to allow reset of machine account passw... |
| V-254427 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-205877 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-254441 | High | Windows Server 2022 must be running Credential Guard on domain-joined member servers |
| V-205907 | High | Windows Server 2019 must be running Credential Guard on domain-joined member servers |
| V-253370 | High | Credential Guard must be running on Windows 11 domain-joined systems |
| V-220812 | High | Credential Guard must be running on Windows 10 domain-joined systems |
| V-253447 | Low | Caching of logon credentials must be limited |
| V-220923 | Low | Caching of logon credentials must be limited |
| V-254432 | Medium | Windows Server 2022 must limit the caching of logon credentials to four or less on domain-joined ... |
| V-205906 | Medium | Windows Server 2019 must limit the caching of logon credentials to four or less on domain-joined ... |
| V-254345 | Medium | Windows Server 2022 group policy objects must be reprocessed even if they have not changed |
| V-205866 | Medium | Windows Server 2019 group policy objects must be reprocessed even if they have not changed |
| V-253373 | Medium | Group Policy objects must be reprocessed even if they have not changed |
| V-220814 | Medium | Group Policy objects must be reprocessed even if they have not changed |
| V-254340 | Medium | Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
| V-205862 | Medium | Windows Server 2019 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
| V-253362 | Medium | Hardened UNC Paths must be defined to require mutual authentication and integrity for at least th... |
| V-250319 | Medium | Hardened UNC paths must be defined to require mutual authentication and integrity for at least th... |
| V-254454 | Medium | Windows Server 2022 maximum age for machine account passwords must be configured to 30 days or less |
| V-205911 | Medium | Windows Server 2019 maximum age for machine account passwords must be configured to 30 days or less |
| V-253442 | Low | The maximum age for machine account passwords must be configured to 30 days or less |
| V-220918 | Low | The maximum age for machine account passwords must be configured to 30 days or less |
| V-254476 | Medium | Windows Server 2022 must be configured to at least negotiate signing for LDAP client signing |
| V-205920 | Medium | Windows Server 2019 must be configured to at least negotiate signing for LDAP client signing |
| V-253463 | Medium | The system must be configured to the required LDAP client signing level |
| V-220939 | Medium | The system must be configured to the required LDAP client signing level |
| V-254364 | Medium | Windows Server 2022 File Explorer shell protocol must run in protected mode |
| V-205872 | Medium | Windows Server 2019 File Explorer shell protocol must run in protected mode |
| V-253398 | Medium | File Explorer shell protocol must run in protected mode |
| V-220839 | Medium | File Explorer shell protocol must run in protected mode |
| V-254248 | Medium | Windows Server 2022 must use an antivirus program |
| V-205850 | High | Windows Server 2019 must use an anti-virus program |
| V-253264 | High | The Windows 11 system must use an antivirus program |
| V-220707 | High | The Windows 10 system must use an anti-virus program |
| V-254344 | Medium | Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
| V-205865 | Medium | Windows Server 2019 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
| V-253372 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers |
| V-220813 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers |
| V-254265 | Medium | Windows Server 2022 must have a host-based firewall installed and enabled |
| V-253281 | Medium | A host-based firewall must be installed and enabled on the system |
| V-220724 | Medium | A host-based firewall must be installed and enabled on the system |
| V-214936 | Medium | Windows Server 2019 must have a host-based firewall installed and enabled |
| V-254370 | Medium | Windows Server 2022 must prevent attachments from being downloaded from RSS feeds |
| V-205873 | Medium | Windows Server 2019 must prevent attachments from being downloaded from RSS feeds |
| V-253407 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
| V-220853 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
| V-220844 | Medium | The Windows Defender SmartScreen filter for Microsoft Edge must be enabled |
| V-220841 | Medium | Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified f... |
| V-220840 | Medium | Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious we... |
| V-254466 | High | Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-205914 | High | Windows Server 2019 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-253453 | High | Anonymous enumeration of SAM accounts must not be allowed |
| V-220929 | High | Anonymous enumeration of SAM accounts must not be allowed |
| V-254339 | Medium | Windows Server 2022 insecure logons to an SMB server must be disabled |
| V-205861 | Medium | Windows Server 2019 insecure logons to an SMB server must be disabled |
| V-253360 | Medium | Insecure logons to an SMB server must be disabled |
| V-220802 | Medium | Insecure logons to an SMB server must be disabled |
| V-254475 | High | Windows Server 2022 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-205919 | High | Windows Server 2019 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-253462 | High | The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM |
| V-220938 | High | The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM |
| V-254468 | Medium | Windows Server 2022 must be configured to prevent anonymous users from having the same permission... |
| V-205915 | Medium | Windows Server 2019 must be configured to prevent anonymous users from having the same permission... |
| V-253455 | Medium | The system must be configured to prevent anonymous users from having the same rights as the Every... |
| V-254471 | Medium | Windows Server 2022 must prevent NTLM from falling back to a Null session |
| V-205917 | Medium | Windows Server 2019 must prevent NTLM from falling back to a Null session |
| V-253458 | Medium | NTLM must be prevented from falling back to a Null session |
| V-220934 | Medium | NTLM must be prevented from falling back to a Null session |
| V-254470 | Medium | Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authent... |
| V-205916 | Medium | Windows Server 2019 services using Local System that use Negotiate when reverting to NTLM authent... |
| V-254477 | Medium | Windows Server 2022 session security for NTLM SSP-based clients must be configured to require NTL... |
| V-205921 | Medium | Windows Server 2019 session security for NTLM SSP-based clients must be configured to require NTL... |
| V-254478 | Medium | Windows Server 2022 session security for NTLM SSP-based servers must be configured to require NTL... |
| V-205922 | Medium | Windows Server 2019 session security for NTLM SSP-based servers must be configured to require NTL... |
| V-254335 | Low | Windows Server 2022 Internet Protocol version 6 (IPv6) source routing must be configured to the h... |
| V-205858 | Low | Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the h... |
| V-253353 | Medium | IPv6 source routing must be configured to highest protection |
| V-220795 | Medium | IPv6 source routing must be configured to highest protection |
| V-254336 | Low | Windows Server 2022 source routing must be configured to the highest protection level to prevent ... |
| V-205859 | Low | Windows Server 2019 source routing must be configured to the highest protection level to prevent ... |
| V-205869 | Medium | Windows Server 2019 Telemetry must be configured to Security or Basic |
| V-220834 | Medium | Windows Telemetry must not be configured to Full |
| V-260479 | Low | Ubuntu 22.04 LTS must have the "chrony" package installed |
| V-260480 | Low | Ubuntu 22.04 LTS must not have the "systemd-timesyncd" package installed |
| V-260481 | Low | Ubuntu 22.04 LTS must not have the "ntp" package installed |
| V-260539 | High | Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface ... |
| V-260570 | High | Ubuntu 22.04 LTS must not allow accounts configured with blank or null passwords |
| V-260571 | High | Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords |
| V-260640 | Medium | Ubuntu 22.04 LTS must generate audit records for all events that affect the systemd journal files |
| V-224819 | High | Users with Administrative privileges must have separate accounts for administrative duties and no... |
| V-224821 | High | Administrative accounts must not be used with applications that access the Internet, such as web ... |
| V-224822 | Medium | Members of the Backup Operators group must have separate accounts for backup duties and normal op... |
| V-224824 | Medium | Manually managed application account passwords must be changed at least annually or when a system... |
| V-224827 | Medium | Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r... |
| V-224828 | High | Systems must be maintained at a supported servicing level |
| V-224829 | High | The Windows Server 2016 system must use an anti-virus program |
| V-224830 | Medium | Servers must have a host-based intrusion detection or prevention system |
| V-224842 | Medium | Software certificate installation files must be removed from Windows Server 2016 |
| V-224846 | Medium | A host-based firewall must be installed and enabled on the system |
| V-224860 | Medium | FTP servers must be configured to prevent anonymous logons |
| V-224861 | Medium | FTP servers must be configured to prevent access to the system drive |
| V-224863 | Medium | Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2016 |
| V-224864 | Low | Secure Boot must be enabled on Windows Server 2016 systems |
| V-224865 | Low | Windows 2016 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be confi... |
| V-254343 | Medium | Windows Server 2022 virtualization-based security must be enabled with the platform security leve... |
| V-205864 | Medium | Windows Server 2019 virtualization-based security must be enabled with the platform security leve... |
| V-253369 | Medium | Virtualization-based Security must be enabled on Windows 11 with the platform security level conf... |
| V-220811 | Medium | Virtualization Based Security must be enabled on Windows 10 with the platform security level conf... |
| V-224916 | Low | Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection le... |
| V-224917 | Low | Source routing must be configured to the highest protection level to prevent Internet Protocol (I... |
| V-224918 | Low | Windows Server 2016 must be configured to prevent Internet Control Message Protocol (ICMP) redire... |
| V-224920 | Medium | Insecure logons to an SMB server must be disabled |
| V-224921 | Medium | Hardened UNC paths must be defined to require mutual authentication and integrity for at least th... |
| V-224923 | Medium | Windows Server 2016 virtualization-based security must be enabled with the platform security leve... |
| V-224924 | Medium | Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers ident... |
| V-224925 | Medium | Group Policy objects must be reprocessed even if they have not changed |
| V-224929 | Medium | Users must be prompted to authenticate when the system wakes from sleep (on battery) |
| V-224930 | Medium | Users must be prompted to authenticate when the system wakes from sleep (plugged in) |
| V-224936 | Medium | Windows Telemetry must be configured to Security or Basic |
| V-224942 | Low | Turning off File Explorer heap termination on corruption must be disabled |
| V-224943 | Medium | File Explorer shell protocol must run in protected mode |
| V-224949 | Medium | Attachments must be prevented from being downloaded from RSS feeds |
| V-224955 | Medium | Users must be notified if a web-based program attempts to install software |
| V-224978 | High | Directory data (outside the root DSE) of a non-public directory must be configured to prevent ano... |
| V-254375 | Medium | Windows Server 2022 users must be notified if a web-based program attempts to install software |
| V-205874 | Medium | Windows Server 2019 users must be notified if a web-based program attempts to install software |
| V-253412 | Medium | Users must be notified if a web-based program attempts to install software |
| V-220858 | Medium | Users must be notified if a web-based program attempts to install software |
| V-254284 | Medium | Windows Server 2022 must have Secure Boot enabled |
| V-205857 | Low | Windows Server 2019 must have Secure Boot enabled |
| V-220700 | Low | Secure Boot must be enabled on Windows 10 systems |
| V-254357 | Low | Windows Server 2022 Windows Update must not obtain updates from other PCs on the internet |
| V-205870 | Low | Windows Server 2019 Windows Update must not obtain updates from other PCs on the Internet |
| V-253394 | Low | Windows Update must not obtain updates from other PCs on the internet |
| V-220835 | Low | Windows Update must not obtain updates from other PCs on the internet |
| V-224996 | Medium | Domain controllers must be configured to allow reset of machine account passwords |
| V-225006 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-225011 | Medium | Caching of logon credentials must be limited |
| V-225012 | High | Windows Server 2016 must be running Credential Guard on domain-joined member servers |
| V-225025 | High | Local accounts with blank passwords must be restricted to prevent access from the network |
| V-225026 | Medium | Windows Server 2016 built-in administrator account must be renamed |
| V-225027 | Medium | Windows Server 2016 built-in guest account must be renamed |
| V-225033 | Medium | The maximum age for machine account passwords must be configured to 30 days or less |
| V-225038 | Medium | The Smart Card removal option must be configured to Force Logoff or Lock Workstation |
| V-225044 | High | Anonymous SID/Name translation must not be allowed |
| V-225045 | High | Anonymous enumeration of Security Account Manager (SAM) accounts must not be allowed |
| V-225047 | Medium | Windows Server 2016 must be configured to prevent anonymous users from having the same permission... |
| V-254238 | Medium | Windows Server 2022 users with Administrative privileges must have separate accounts for administ... |
| V-205844 | High | Windows Server 2019 users with Administrative privileges must have separate accounts for administ... |
| V-254240 | High | Windows Server 2022 administrative accounts must not be used with applications that access the in... |
| V-205845 | High | Windows Server 2019 administrative accounts must not be used with applications that access the In... |
| V-253294 | High | Administrative accounts must not be used with applications that access the internet, such as web ... |
| V-220737 | High | Administrative accounts must not be used with applications that access the Internet, such as web ... |
| V-254241 | Medium | Windows Server 2022 members of the Backup Operators group must have separate accounts for backup ... |
| V-205846 | Medium | Windows Server 2019 members of the Backup Operators group must have separate accounts for backup ... |
| V-253270 | Medium | Only accounts responsible for the backup operations must be members of the Backup Operators group |
| V-220713 | Medium | Only accounts responsible for the backup operations must be members of the Backup Operators group |
| V-254243 | Medium | Windows Server 2022 manually managed application account passwords must be changed at least annua... |
| V-205847 | Medium | Windows Server 2019 manually managed application account passwords must be changed at least annua... |
| V-254246 | Medium | Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r... |
| V-205848 | Medium | Windows Server 2019 domain-joined systems must have a Trusted Platform Module (TPM) enabled and r... |
| V-220698 | Medium | Windows 10 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use |
| V-254283 | Medium | Windows Server 2022 systems must have Unified Extensible Firmware Interface (UEFI) firmware and b... |
| V-205856 | Low | Windows Server 2019 systems must have Unified Extensible Firmware Interface (UEFI) firmware and b... |
| V-220699 | Medium | Windows 10 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configu... |
| V-254356 | Medium | Windows Server 2022 Diagnostic Data must be configured to send "required diagnostic data" or "opt... |
| V-268540 | Medium | The macOS system must enable firmware password |
| V-268569 | Medium | The macOS system must enforce enrollment in Mobile Device Management (MDM) |
| V-268570 | Medium | The macOS system must enable Recovery Lock |
| V-268571 | Medium | The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automati... |
| V-254459 | Medium | Windows Server 2022 Smart Card removal option must be configured to Force Logoff or Lock Workstation |
| V-253448 | Medium | The Smart Card removal option must be configured to Force Logoff or Lock Workstation |
| V-220924 | Medium | The Smart Card removal option must be configured to Force Logoff or Lock Workstation |
| V-254472 | Medium | Windows Server 2022 must prevent PKU2U authentication using online identities |
| V-205918 | Medium | Windows Server 2019 must prevent PKU2U authentication using online identities |
| V-253459 | Medium | PKU2U authentication using online identities must be prevented |
| V-220935 | Medium | PKU2U authentication using online identities must be prevented |
| V-225051 | Medium | PKU2U authentication using online identities must be prevented |
| V-254490 | Medium | Windows Server 2022 must preserve zone information when saving attachments |
| V-205924 | Medium | Windows Server 2019 must preserve zone information when saving attachments |
| V-253478 | Medium | Zone information must be preserved when saving attachments |
| V-220955 | Medium | Zone information must be preserved when saving attachments |
| V-225069 | Medium | Zone information must be preserved when saving attachments |
| V-254417 | Medium | Windows Server 2022 domain controllers must be configured to allow reset of machine account passw... |
| V-254337 | Low | Windows Server 2022 must be configured to prevent Internet Control Message Protocol (ICMP) redire... |
| V-205860 | Low | Windows Server 2019 must be configured to prevent Internet Control Message Protocol (ICMP) redire... |
| V-220797 | Low | The system must be configured to prevent Internet Control Message Protocol (ICMP) redirects from ... |
| V-254481 | Low | Windows Server 2022 default permissions of global system objects must be strengthened |
| V-205923 | Low | Windows Server 2019 default permissions of global system objects must be strengthened |
| V-253467 | Low | The default permissions of global system objects must be increased |
| V-220943 | Low | The default permissions of global system objects must be increased |
| V-225060 | Low | The default permissions of global system objects must be strengthened |
| V-254363 | Low | Windows Server 2022 Turning off File Explorer heap termination on corruption must be disabled |
| V-205871 | Low | Windows Server 2019 Turning off File Explorer heap termination on corruption must be disabled |
| V-254465 | High | Windows Server 2022 must not allow anonymous SID/Name translation |
| V-205913 | High | Windows Server 2019 must not allow anonymous SID/Name translation |
| V-253452 | High | Anonymous SID/Name translation must not be allowed |
| V-220928 | High | Anonymous SID/Name translation must not be allowed |
| V-225049 | Medium | Services using Local System that use Negotiate when reverting to NTLM authentication must use the... |
| V-225050 | Medium | NTLM must be prevented from falling back to a Null session |
| V-225054 | High | The LAN Manager authentication level must be set to send NTLMv2 response only and to refuse LM an... |
| V-225055 | Medium | Windows Server 2016 must be configured to at least negotiate signing for LDAP client signing |
| V-225056 | Medium | Session security for NTLM SSP-based clients must be configured to require NTLMv2 session security... |
| V-225057 | Medium | Session security for NTLM SSP-based servers must be configured to require NTLMv2 session security... |
| V-254282 | Medium | Windows Server 2022 must have orphaned security identifiers (SIDs) removed from user rights |
| V-253290 | Medium | Orphaned security identifiers (SIDs) must be removed from user rights on Windows 11 |
| V-220733 | Medium | Orphaned security identifiers (SIDs) must be removed from user rights on Windows 10 |
| V-205855 | Medium | Windows Server 2019 must have orphaned security identifiers (SIDs) removed from user rights |
| V-277985 | Medium | Windows Server 2025 users with administrative privileges must have separate accounts for administ... |
| V-277987 | High | Windows Server 2025 administrative accounts must not be used with applications that access the in... |
| V-277988 | Medium | Windows Server 2025 members of the Backup Operators group must have separate accounts for backup ... |
| V-277990 | Medium | Windows Server 2025 manually managed application account passwords must be changed at least annua... |
| V-277995 | Medium | Windows Server 2025 must use an antivirus program |
| V-277996 | Medium | Windows Server 2025 must have a host-based intrusion detection and prevention service (IDPS) inst... |
| V-278008 | Medium | Windows Server 2025 must have software certificate installation files removed |
| V-278012 | Medium | Windows Server 2025 must have a host-based firewall installed and enabled |
| V-278027 | Medium | Windows Server 2025 FTP servers must be configured to prevent anonymous logons |
| V-278028 | Medium | Windows Server 2025 FTP servers must be configured to prevent access to the system drive |
| V-278030 | Medium | Windows Server 2025 must have orphaned security identifiers (SIDs) removed from user rights |
| V-278031 | Medium | Windows Server 2025 systems must have Unified Extensible Firmware Interface (UEFI) firmware and b... |
| V-278032 | Medium | Windows Server 2025 must have Secure Boot enabled |
| V-278082 | Low | Windows Server 2025 Internet Protocol version 6 (IPv6) source routing must be configured to the h... |
| V-278083 | Low | Windows Server 2025 source routing must be configured to the highest protection level to prevent ... |
| V-278084 | Low | Windows Server 2025 must be configured to prevent Internet Control Message Protocol (ICMP) redire... |
| V-278086 | Medium | Windows Server 2025 insecure logons to an SMB server must be disabled |
| V-278087 | Medium | Windows Server 2025 hardened Universal Naming Convention (UNC) paths must be defined to require m... |
| V-278089 | Medium | Windows Server 2025 must be configured to enable Remote host allows delegation of nonexportable c... |
| V-278090 | Medium | Windows Server 2025 virtualization-based security must be enabled with the platform security leve... |
| V-278091 | Medium | Windows Server 2025 Early Launch Antimalware, Boot-Start Driver Initialization Policy must preven... |
| V-278092 | Medium | Windows Server 2025 group policy objects must be reprocessed even if they have not changed |
| V-278096 | Medium | Windows Server 2025 users must be prompted to authenticate when the system wakes from sleep (on b... |
| V-278097 | Medium | Windows Server 2025 users must be prompted to authenticate when the system wakes from sleep (plug... |
| V-278103 | Medium | Windows Server 2025 Telemetry must be configured to limit diagnostic data sent to Microsoft |
| V-278104 | Low | Windows Server 2025 Windows Update must not obtain updates from other PCs on the internet |
| V-278110 | Low | Windows Server 2025 Turning off File Explorer heap termination on corruption must be disabled |
| V-278111 | Medium | Windows Server 2025 File Explorer shell protocol must run in protected mode |
| V-278117 | Medium | Windows Server 2025 must prevent attachments from being downloaded from RSS feeds |
| V-278122 | Medium | Windows Server 2025 users must be notified if a web-based program attempts to install software |
| V-278146 | High | Windows Server 2025 directory data (outside the root DSE) of a nonpublic directory must be config... |
| V-278164 | Medium | Windows Server 2025 domain controllers must be configured to allow reset of machine account passw... |
| V-278176 | Medium | The password for the krbtgt account on a domain must be reset at least every 180 days |
| V-278181 | Medium | Windows Server 2025 must limit the caching of logon credentials to four or less on domain-joined ... |
| V-278190 | High | Windows Server 2025 must be running Credential Guard on domain-joined member servers |
| V-278196 | High | Windows Server 2025 must prevent local accounts with blank passwords from being used from the net... |
| V-278197 | Medium | The Windows Server 2025 built-in administrator account must be renamed |
| V-278198 | Medium | The Windows Server 2025 built-in guest account must be renamed |
| V-278204 | Medium | Windows Server 2025 maximum age for machine account passwords must be configured to 30 days or less |
| V-278209 | Medium | The Windows Server 2025 Smart Card removal option must be configured to Force Logoff or Lock Work... |
| V-278215 | High | Windows Server 2025 must not allow anonymous SID/Name translation |
| V-278216 | High | Windows Server 2025 must not allow anonymous enumeration of Security Account Manager (SAM) accounts |
| V-278218 | Medium | Windows Server 2025 must be configured to prevent anonymous users from having the same permission... |
| V-278220 | Medium | Windows Server 2025 services using Local System that use Negotiate when reverting to NTLM authent... |
| V-278221 | Medium | Windows Server 2025 must prevent NTLM from falling back to a Null session |
| V-278222 | Medium | Windows Server 2025 must prevent PKU2U authentication using online identities |
| V-278225 | High | Windows Server 2025 LAN Manager authentication level must be configured to send NTLMv2 response o... |
| V-278226 | Medium | Windows Server 2025 must be configured to at least negotiate signing for LDAP client signing |
| V-278227 | Medium | Windows Server 2025 session security for NTLM SSP-based clients must be configured to require NTL... |
| V-278228 | Medium | Windows Server 2025 session security for NTLM SSP-based servers must be configured to require NTL... |
| V-278231 | Low | Windows Server 2025 default permissions of global system objects must be strengthened |
| V-278240 | Medium | Windows Server 2025 must preserve zone information when saving attachments |
| V-205851 | Medium | Windows Server 2019 must have a host-based intrusion detection and prevention service installed |
| V-254249 | Medium | Windows Server 2022 must have a host-based intrusion detection and prevention service installed |
| V-277179 | Medium | The macOS system must enforce enrollment in Mobile Device Management (MDM) |
| V-277180 | Medium | The macOS system must enable Recovery Lock |
| V-277181 | Medium | The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automati... |