Check: WN12-00-000220
Microsoft Windows Server 2012/2012 R2 Member Server STIG:
WN12-00-000220
(in versions v3 r7 through v2 r13)
Title
Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2. (Cat II impact)
Discussion
Windows PowerShell versions 4.0 (with a patch) and 5.x add advanced logging features that can provide additional detail when malware has been run on a system. Ensuring Windows PowerShell 2.0 is not installed as well mitigates against a downgrade attack that evades the advanced logging features of later Windows PowerShell versions.
Check Content
Windows PowerShell 2.0 is not installed by default. Open "Windows PowerShell". Enter "Get-WindowsFeature -Name PowerShell-v2". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Windows PowerShell 2.0 is not installed by default. Uninstall it if it has been installed. Open "Windows PowerShell". Enter "Uninstall-WindowsFeature -Name PowerShell-v2". Alternately: Use the "Remove Roles and Features Wizard" and deselect "Windows PowerShell 2.0 Engine" under "Windows PowerShell".
Additional Identifiers
Rule ID: SV-225265r569185_rule
Vulnerability ID: V-225265
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |