Navigate

Check: WN12-CC-000090

Microsoft Windows Server 2012/2012 R2 Domain Controller STIG: WN12-CC-000090 (in versions v3 r7 through v2 r7)

Title

Turning off File Explorer heap termination on corruption must be disabled. (Cat III impact)

Discussion

Legacy plug-in applications may continue to function when a File Explorer session has become corrupt. Disabling this feature will prevent this.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\Explorer\ Value Name: NoHeapTerminationOnCorruption Type: REG_DWORD Value: 0

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> File Explorer -> "Turn off heap termination on corruption" to "Disabled".

Additional Identifiers

Rule ID: SV-226196r852108_rule

Vulnerability ID: V-226196

Group Title: SRG-OS-000420-GPOS-00186

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-002385	Protect against or limit the effects of organization-defined types of denial-of-service events.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SC-5	Denial of Service Protection