Check: 5.243
Windows XP STIG:
5.243
(in versions v6 r1.32 through v1 r0)
Title
Windows Installer – Vendor Signed Updates (Cat III impact)
Discussion
This check verifies that users are prevented applying vendor signed updates.
Check Content
If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows\Installer\ Value Name: DisableLUAPatching Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Installer “Prohibit non-administrators from applying vendor signed updates” to “Enabled”.
Additional Identifiers
Rule ID: SV-16603r1_rule
Vulnerability ID: V-15686
Group Title: Windows Installer – Vendor Signed Updates
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |