Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system is configured to allow installation of printers using kernel-mode drivers.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3478 | 3.087 | SV-29715r1_rule | DCSL-1 | Medium |
| Description |
|---|
| Kernel-mode drivers are drivers that operate in kernel mode. Kernel mode allows virtually unlimited access to hardware and memory. A poorly written kernel driver may cause system instability and data corruption. Malicious code inserted in a kernel-mode driver has almost no limit on what it may do. Most modern printers do not require kernel-mode drivers. |
| STIG | Date |
|---|---|
| Windows 2003 Domain Controller Security Technical Implementation Guide | 2015-06-03 |
Details
| Check Text ( C-220r1_chk ) |
|---|
| The policy value for Computer Configuration -> Administrative Templates -> System -> Printers “Disallow Installation of Printers Using Kernel-mode Drivers” will be set to “Enabled”. If the following registry value doesn’t exist or its value is not set to 1, then this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows NT\Printers\ Value Name: KMPrintersAreBlocked Type: REG_DWORD Value: 1 Note: This setting will prevent some applications from installing PDF print drivers. |
| Fix Text (F-5698r1_fix) |
|---|
| Configure the system to prevent it from allowing the installation of kernel-mode drivers by setting the policy value for Computer Configuration -> Administrative Templates -> Printers “Disallow Installation of Printers Using Kernel-mode Drivers” to “Enabled”. |