An error occurred:

Check: WN19-EP-000070

Microsoft Windows Server 2019 STIG: WN19-EP-000070 (in versions v2 r2 through v1 r1)

Title

Windows Server 2019 Exploit Protection mitigations must be configured for AcroRd32.exe. (Cat II impact)

Discussion

Exploit protection provides a means of enabling additional mitigations against potential threats at the system and application level. Without these additional application protections, Windows may be subject to various exploits.

Check Content

If the referenced application is not installed on the system, this is NA. This is applicable to unclassified systems, for other systems this is NA. Run "Windows PowerShell" with elevated privileges (run as administrator). Enter "Get-ProcessMitigation -Name AcroRd32.exe". (Get-ProcessMitigation can be run without the -Name parameter to get a list of all application mitigations configured.) If the following mitigations do not have a status of "ON", this is a finding: DEP: Enable: ON ASLR: BottomUp: ON ForceRelocateImages: ON Payload: EnableExportAddressFilter: ON EnableExportAddressFilterPlus: ON EnableImportAddressFilter: ON EnableRopStackPivot: ON EnableRopCallerCheck: ON EnableRopSimExec: ON The PowerShell command produces a list of mitigations; only those with a required status of "ON" are listed here.

Fix Text

Ensure the following mitigations are turned "ON" for AcroRd32.exe: DEP: Enable: ON ASLR: BottomUp: ON ForceRelocateImages: ON Payload: EnableExportAddressFilter: ON EnableExportAddressFilterPlus: ON EnableImportAddressFilter: ON EnableRopStackPivot: ON EnableRopCallerCheck: ON EnableRopSimExec: ON Application mitigations defined in the STIG are configured by a DoD EP XML file included with the STIG package in the "Supporting Files" folder. The XML file is applied with the group policy setting Computer Configuration >> Administrative Settings >> Windows Components >> Windows Defender Exploit Guard >> Exploit Protection >> "Use a common set of exploit protection settings" configured to "Enabled" with file name and location defined under "Options:". It is recommended the file be in a read-only network location.

Additional Identifiers

Rule ID: SV-205883r569188_rule

Vulnerability ID: V-205883

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings