Microsoft Windows 10

Windows 10 Kernel (Direct Memory Access) DMA Protection must be enabled

STIG ID: WN10-EP-000310 | SRG: SRG-OS-000138-GPOS-00069 | Severity: Medium | CCI: CCI-001090 | Vulnerability ID: V-220902

Description

Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely.

Check

C-22617r555191_chk

This is NA prior to v1803 of Windows 10.If the following registry value does not exist or is not configured as specified, this is a finding.Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \Software\Policies\Microsoft\Windows\Kernel DMA ProtectionValue Name: DeviceEnumerationPolicyValue Type: REG_DWORDValue: 0

Fix

F-22606r555192_fix

Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Kernel DMA Protection >> "Enumeration policy for external devices incompatible with Kernel DMA Protection" to "Enabled" with "Enumeration Policy" set to "Block All".