Check: WN12-CC-000072
Windows 2012 IAVM:
WN12-CC-000072
(in version v1 r30)
Title
Autoplay must be turned off for non-volume devices. (Cat I impact)
Discussion
Allowing Autoplay to execute may introduce malicious code to a system. Autoplay begins reading from a drive as soon as media is inserted into the drive. As a result, the setup file of programs or music on audio media may start. This setting will disable Autoplay for non-volume devices (such as Media Transfer Protocol (MTP) devices).
Check Content
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\Explorer\ Value Name: NoAutoplayfornonVolume Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> AutoPlay Policies -> "Disallow Autoplay for non-volume devices" to "Enabled".
Additional Identifiers
Rule ID:
Vulnerability ID: V-21973
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001764 |
Prevent program execution in accordance with organization-defined policies, rules of behavior, and/or access agreements regarding software program usage and restrictions; rules authorizing the terms and conditions of software program usage. |
Controls
| Number | Title |
|---|---|
| CM-7(2) |
Prevent Program Execution |