Flash must not be installed on the Tanium Server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-67087	TANS-SV-000022	SV-81577r1_rule		Medium

Description
Adobe Flash Player is freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio. Flash Player is a common format for games, animations, and graphical user interfaces (GUIs) embedded in web pages. Flash Player runs SWF files. Flash Player supports vector and raster graphics, 3D graphics, an embedded scripting language called ActionScript, and streaming of video and audio. ActionScript is based on ECMAScript, and supports object-oriented code, and is similar to JavaScript.Adobe Flash Player is a runtime that executes and displays content from a provided SWF file. Although it has no in-built features to modify the SWF file at runtime, it can execute software written in the ActionScript programming language which enables the runtime manipulation of text, data, vector graphics, raster graphics, sound, and video. The player can also access certain connected hardware devices, including web cameras and microphones, after permission for the same has been granted by the user. Throughout the various version of Adobe Flash Player, multiple vulnerabilities have been exposed requiring patching to mitigate and because of these vulnerabilities it continues to be a target for exploitation. Since Tanium does not require Adobe Flash Player for any functionality, ensuring it is not installed removes the vulnerability.

Description

Adobe Flash Player is freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio. Flash Player is a common format for games, animations, and graphical user interfaces (GUIs) embedded in web pages. Flash Player runs SWF files. Flash Player supports vector and raster graphics, 3D graphics, an embedded scripting language called ActionScript, and streaming of video and audio. ActionScript is based on ECMAScript, and supports object-oriented code, and is similar to JavaScript.Adobe Flash Player is a runtime that executes and displays content from a provided SWF file. Although it has no in-built features to modify the SWF file at runtime, it can execute software written in the ActionScript programming language which enables the runtime manipulation of text, data, vector graphics, raster graphics, sound, and video. The player can also access certain connected hardware devices, including web cameras and microphones, after permission for the same has been granted by the user. Throughout the various version of Adobe Flash Player, multiple vulnerabilities have been exposed requiring patching to mitigate and because of these vulnerabilities it continues to be a target for exploitation. Since Tanium does not require Adobe Flash Player for any functionality, ensuring it is not installed removes the vulnerability.

STIG	Date
Tanium 6.5 Security Technical Implementation Guide	2016-09-29

Details

Check Text ( C-67723r1_chk )
Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Access Settings >> Control Panel >> Programs >> Programs and Features. Review the installed programs. If Adobe Flash Player is installed, this is a finding.

Fix Text (F-73187r1_fix)
Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Access Settings >> Control Panel >> Programs >> Programs and Features. Click on the Adobe Flash Player to select it. Select “Uninstall”.