DTOO128 - InfoPath - Data Execution Prevention must be enforced.

Gavin M. Dennis

22 April 2022 16:50

Details

Data Execution Prevention (DEP) is a set of hardware and software technologies performing additional checks on memory to help prevent malicious code from running on a system. The primary benefit of DEP is to help prevent code execution from data pages. Enabling this setting, turns off Data Execution Prevention. As a result, malicious code takes advantage of code injection or buffer overflow vulnerabilities possibly exploiting the computer.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> Trust Center 'Turn off Data Execution Prevention' to 'Disabled'.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_InfoPath_2010_V1R11_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-18(4)
CAT|II
CCI|CCI-001170
Rule-ID|SV-33856r1_rule
STIG-ID|DTOO128
Vuln-ID|V-26590

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section