Microsoft Internet Explorer 7
- SCAPXML-83/90: Updated patch content and removed Vulnerabilities from patch content
- SCAPXML-94: Added the registry entry type to nearly all of the registry states.
- CCE-1000/CCE-3216-9
- CCE-1002/CCE-3619-4
- CCE-1006/CCE-3207-8
- CCE-1008/CCE-3584-0
- CCE-1010/CCE-3615-2
- CCE-1012/CCE-3564-2
- CCE-1013/CCE-3927-1
- CCE-1025/CCE-4026-1
- CCE-1031/CCE-4013-9
- CCE-1032/CCE-3866-1
- CCE-1045/CCE-4160-8
- CCE-1051/CCE-4237-4
- CCE-1054/CCE-3875-2
- CCE-1088/CCE-3902-4
- CCE-1147/CCE-4546-8
- CCE-119/CCE-3924-8
- CCE-1211/CCE-3909-9
- CCE-126/CCE-3751-5
- CCE-128/CCE-3696-2
- CCE-129/CCE-4031-1
- CCE-132/CCE-3963-6
- CCE-138/CCE-3891-9
- CCE-140/CCE-4564-1
- CCE-146/CCE-3929-7
- CCE-16/CCE-4139-2
- CCE-175/CCE-4053-5
- CCE-176/CCE-3945-3
- CCE-178/CCE-4196-2
- CCE-200/CCE-4153-3
- CCE-208/CCE-4119-4
- CCE-212/CCE-3576-6
- CCE-218/CCE-4652-4
- CCE-237/CCE-4098-0
- CCE-239/CCE-4028-7
- CCE-245/CCE-4143-4
- CCE-258/CCE-4036-0
- CCE-26/CCE-4101-2
- CCE-28/CCE-4040-2
- CCE-280/CCE-4099-8
- CCE-281/CCE-4643-3
- CCE-286/CCE-4131-9
- CCE-288/CCE-3989-1
- CCE-292/CCE-4050-1
- CCE-30/CCE-3264-9
- CCE-308/CCE-4793-6
- CCE-31/CCE-4087-3
- CCE-320/CCE-3754-9
- CCE-339/CCE-4066-7
- CCE-347/CCE-4043-6
- CCE-355/CCE-3906-5
- CCE-359/CCE-3553-5
- CCE-382/CCE-4047-7
- CCE-409/CCE-4132-7
- CCE-41/CCE-3337-3
- CCE-42/CCE-4171-5
- CCE-425/CCE-3914-9
- CCE-439/CCE-3601-2
- CCE-449/CCE-3941-2
- CCE-47/CCE-3853-9
- CCE-471/CCE-4147-5
- CCE-473/CCE-4138-4
- CCE-478/CCE-4246-5
- CCE-49/CCE-4109-5
- CCE-491/CCE-3888-5
- CCE-495/CCE-3993-3
- CCE-5/CCE-4017-0
- CCE-51/CCE-4052-7
- CCE-52/CCE-4057-6
- CCE-520/CCE-3855-4
- CCE-528/CCE-4259-8
- CCE-552/CCE-4121-0
- CCE-556/CCE-3706-9
- CCE-563/CCE-4158-2
- CCE-586/CCE-4068-3
- CCE-591/CCE-3338-1
- CCE-598/CCE-4192-1
- CCE-622/CCE-4118-6
- CCE-625/CCE-4226-7
- CCE-636/CCE-3905-7
- CCE-639/CCE-3590-7
- CCE-66/CCE-4001-4
- CCE-660/CCE-4018-8
- CCE-666/CCE-4232-5
- CCE-668/CCE-4122-8
- CCE-675/CCE-4845-4
- CCE-678/CCE-3400-9
- CCE-680/CCE-4084-0
- CCE-684/CCE-3518-8
- CCE-685/CCE-3998-2
- CCE-689/CCE-4104-6
- CCE-690/CCE-3976-8
- CCE-693/CCE-3201-1
- CCE-698/CCE-4215-0
- CCE-708/CCE-3744-0
- CCE-71/CCE-4056-8
- CCE-721/CCE-3647-5
- CCE-724/CCE-3570-9
- CCE-753/CCE-3894-3
- CCE-763/CCE-4079-0
- CCE-769/CCE-3825-7
- CCE-781/CCE-4692-0
- CCE-827/CCE-4162-4
- CCE-833/CCE-3933-9
- CCE-841/CCE-4163-2
- CCE-863/CCE-3378-7
- CCE-876/CCE-4175-6
- CCE-878/CCE-3984-2
- CCE-882/CCE-4062-6
- CCE-910/CCE-4161-6
- CCE-914/CCE-3249-0
- CCE-925/CCE-3996-6
- CCE-938/CCE-4199-6
- CCE-946/CCE-3204-5
- CCE-963/CCE-3275-5
- CCE-964/CCE-4174-9
- CCE-970/CCE-4150-9
- CCE-973/CCE-4202-8
- CCE-985/CCE-4149-1
- SCAPXML-106: Changed “xmlns:cpe” attribute on the Benchmark element from “http://cpe.mitre.org/language/2.0” to “http://cpe.mitre.org/dictionary/2.0”.
- SCAPXML-107: Changed the “system” attribute on the model element from “urn:xcscoring:*” to “urn:xccdf:scoring:*”.
- SCAPXML-117: Added the type and operator to the value for Logon Options - Internet Zone - Local Computer and set them to “number” and “equals”, respectively.
Microsoft Windows Vista Firewall
- SCAPXML-104: The operator for “private_profile_name_var” changed from “equals” to “pattern match”.
- SCAPXML-106: Changed “xmlns:cpe” attribute on the Benchmark element from “http://cpe.mitre.org/language/2.0” to “http://cpe.mitre.org/dictionary/2.0”.
Microsoft Windows Vista
- Updated version attributes to reflect changes to checking methods.
- SCAPXML-23/76/85: Corrected GUEST account SID.
- SCAPXML-26: Allowed for non-existence of the GUEST and Administrator accounts.
- SCAPXML-72: Removed from the FDCC profile:
- "Approved Installation Sites for ActiveX Controls"
- "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax"
- MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
- SCAPXML-81/82: Corrected var_ref element datatype attributes.
- SCAPXML-83/90: Updated patch content and removed Vulnerabilities from patch content
- SCAPXML-87/88: Replaced all instances of “AUDIT__SUCCESS_FAILURE” with “AUDIT_SUCCESS_FAILURE”
- SCAPXML-92/93: Changed the “value” child elements of the “Value” elements for “Set a time limit for disconnected sessions” and “Set a time limit for active but idle Terminal Services sessions” from seconds to nanoseconds.
- SCAPXML-100: Corrected the registry paths for objects “oval:gov.nist.fdcc.vista:obj:60511” and “oval:gov.nist.fdcc.vista:obj:60521”.
- SCAPXML-101: Corrected the comments and keys associated with checking the existence of the SpyNet key and SpyNetReporting value.
- SCAPXML-102: Added CCE v5 IDs for CCE-174 and CCE-1109.
- SCAPXML-104:
- Changed the “operator” attribute for all Audit related “Value” elements from “equals” to “pattern match”.
- Changed the “operator” attribute for the message text/title for users attempting to log on “Value” elements from “equals” to “pattern match”.
- SCAPXML-106: Changed “xmlns:cpe” attribute on the Benchmark element from “http://cpe.mitre.org/language/2.0” to “http://cpe.mitre.org/dictionary/2.0”.
- SCAPXML-110: Unnecessary line breaks removed.
- SCAPXML-113: Inconsistent datatypes between XCCDF and OVAL corrected for a number of settings.
- SCAPXML-115: Added a caveat to the descriptions stating that this can break IPSec. Also added a reference to the Microsoft Knowledge Base article to the OVAL definition.
- SCAPXML-116: Added the “Accounts: Administrator account status” requirement
- SCAPXML-118: Removed the values for the drive type autorun rules and changed the corresponding OVAL definition, “oval:gov.nist.fdcc.vista:def:6574”, to require a value of “255” instead of using a variable value.
Microsoft Windows XP
- Updated version attributes to reflect changes in checking methods.
- Added criterion on some User Rights to ensure the allowed users are given the specified user right for the sake of consistency.
- SCAPXML-23/76/85: Corrected GUEST account SID.
- SCAPXML-26: Allowed for non-existence of the SUPPORT_388945a0 and GUEST accounts.
- SCAPXML-67: Corrected logic for “Interactive logon: Smart Card removal behavior” setting to allow for it being configured to “Force Logoff”
- SCAPXML-69: Corrected logic for “Interactive logon: Require Domain Controller authentication to unlock workstation” setting to allow for it being configured to “Enabled.”
- SCAPXML-75: Removed the duplicate description on FDCC profile.
- SCAPXML-72: Removed from the FDCC profile:
- Prevent Local Guests Group From Accessing Application Log
- Prevent Local Guests Group From Accessing Security Log
- Prevent Local Guests Group From Accessing System Log
- DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
- Interactive logon: Require smart card
- MSS: (Hidden) Hide Computer From the Browse List
- SCAPXML-79: Audit Backup and Restore Privilege Disabled corrected
- SCAPXML-80: oval:gov.nist.fdcc.xp:tst:311 Guests and SUPPORT_388945a0 are Deny Logon As Batch Job
- SCAPXML-81/82: Corrected var_ref element datatype attributes.
- SCAPXML-83/90: Updated patch content and removed Vulnerabilities from patch content
- SCAPXML-84: Corrected logic errors relating to tests oval:gov.nist.fdcc.xp:tst:67261 & oval:gov.nist.fdcc.xp:tst:67251.
- SCAPXML-86: Corrected logic error in the criteria for oval:gov.nist.fdcc.xp:def:6626 which may result in false negatives.
- SCAPXML-92/93: Changed the “value” child elements of the “Value” elements for “Set a time limit for disconnected sessions” and “Set a time limit for active but idle Terminal Services sessions” from seconds to nanoseconds.
- SCAPXML-96: Corrected permissions check for regini.exe by ensuring Administrators group has Full Control.
- SCAPXML-97: Description for mshta.exe permissions restriction entry corrected.
- SCAPXML-99: Corrected the comments on the criterion for “oval:gov.nist.fdcc.xp:def:1662”
- SCAPXML-103: Corrected missing and incorrect CCEs.
- SCAPXML-104: Changed the “operator” attribute for all Audit related “Value” elements from “equals” to “pattern match”.
- CCE-315/(CCE-3867-0/CCE-3008-0)
- CCE-596/(CCE-2906-6/CCE-2902-5)
- CCE-10/(CCE-2933-0/CCE-2206-1)
- CCE-429/(CCE-2100-6/CCE-2343-2)
- CCE-812/(CCE-2259-0/CCE-2766-4)
- CCE-966/(CCE-2971-0/CCE-2757-9)
- CCE-874/(CCE-2913-2/CCE-2918-1)
- CCE-8/(CCE-2816-7/CCE-2939-7)
- CCE-149/(CCE-2878-7/CCE-2843-1)
- SCAPXML-105: Added a default “value” child element for the “BITSService_var” Value.
- SCAPXML-107: Changed the “system” attribute on the model element from “urn:xcscoring:*” to “urn:xccdf:scoring:*”.
- SCAPXML-109: Several inconsistent user rights checks corrected including Deny Access from Network, Deny Logon As Batch Job, Impersonate a Client after Authentication, Create Global Objects
- SCAPXML-113: Inconsistent datatypes between XCCDF and OVAL corrected for a number of settings.
- SCAPXML-114: Corrected an inconsistency between state and variable for Audit the use of Backup and Restore privileges
- SCAPXML-115: Added a caveat to the descriptions stating that this can break IPSec. Also added a reference to the Microsoft Knowledge Base article to the OVAL definition.
- SCAPXML-116: Added the “Accounts: Administrator account status” requirement
Microsoft Windows XP Firewall
- Removed a number of unnecessary CR/LFs.
- SCAPXML-78: Removed “Define port exceptions” from FDCC profile.
- SCAPXML-106: Changed “xmlns:cpe” attribute on the Benchmark element from “http://cpe.mitre.org/language/2.0” to “http://cpe.mitre.org/dictionary/2.0”.
- SCAPXML-107: Changed the “system” attribute on the model element from “urn:xcscoring:*” to “urn:xccdf:scoring:*”.
- SCAPXML-108: Changed the “1” in the “comment” attribute on the criterion element for “oval:gov.nist.fdcc.xpfirewall:tst:51061” on definition “oval:gov.nist.fdcc.xpfirewall:def:5106”
- SCAPXML-119: Inconsistent datatype between state and variable, changed “int” to “string”.