UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Exploit Protection mitigations in Windows 10 must be configured for Acrobat.exe.


Overview

Finding ID Version Rule ID IA Controls Severity
V-220878 WN10-EP-000070 SV-220878r569187_rule Medium
Description
Exploit protection in Windows 10 provides a means of enabling additional mitigations against potential threats at the system and application level. Without these additional application protections, Windows 10 may be subject to various exploits.
STIG Date
Windows 10 Security Technical Implementation Guide 2020-10-15

Details

Check Text ( C-22593r555119_chk )
This is NA prior to v1709 of Windows 10.

This is applicable to unclassified systems, for other systems this is NA.

Run "Windows PowerShell" with elevated privileges (run as administrator).

Enter "Get-ProcessMitigation -Name Acrobat.exe".
(Get-ProcessMitigation can be run without the -Name parameter to get a list of all application mitigations configured.)

If the following mitigations do not have the listed status which is shown below, this is a finding:

DEP:
Override DEP: False

ASLR:
ForceRelocateImages: ON

Payload:
OverrideExportAddressFilter: False
OverrideExportAddressFilterPlus: False
OverrideImportAddressFilter: False
OverrideEnableRopStackPivot: False
OverrideEnableRopCallerCheck: False
OverrideEnableRopSimExec: False

The PowerShell command produces a list of mitigations; only those with a required status of are listed here. If the PowerShell command does not produce results, ensure the letter case of the filename within the command syntax matches the letter case of the actual filename on the system.
Fix Text (F-22582r555120_fix)
Ensure the following mitigations are configured as shown for Acrobat.exe:

DEP:
Override DEP: False

ASLR:
ForceRelocateImages: ON

Payload:
OverrideExportAddressFilter: False
OverrideExportAddressFilterPlus: False
OverrideImportAddressFilter: False
OverrideEnableRopStackPivot: False
OverrideEnableRopCallerCheck: False
OverrideEnableRopSimExec: False

Application mitigations defined in the STIG are configured by a DoD EP XML file included with the Windows 10 STIG package in the "Supporting Files" folder.

The XML file is applied with the group policy setting Computer Configuration >> Administrative Settings >> Windows Components >> Windows Defender Exploit Guard >> Exploit Protection >> "Use a common set of exploit protection settings" configured to "Enabled" with file name and location defined under "Options:". It is recommended the file be in a read-only network location.