STIGQter: STIG Summary: Microsoft DotNet Framework 4.0 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Trust must be established prior to enabling the loading of remote code in .Net 4.

DISA Rule

SV-225233r615940_rule

Vulnerability Number

V-225233

Group Title

SRG-APP-000431

Rule Version

APPNET0065

Severity

CAT II

CCI(s)

• CCI-002530 - The information system maintains a separate execution domain for each executing process.

Weight

10

Fix Recommendation

.Net application code loaded from a remote source must be run in a controlled environment.

A controlled environment consists of a sandbox, such as running in an Internet Explorer host environment or employing OS based software access controls, such as AppLocker or Software Security Policies, when application design permits.

Obtain documented IAO approvals for all remotely loaded code.

Check Contents

Open Windows explorer and search for *.exe.config.

Search each config file found for the "loadFromRemoteSources" element.

If the loadFromRemoteSources element is enabled
("loadFromRemoteSources enabled = true"), and the remotely loaded application is not run in a sandboxed environment, or if OS based software controls, such as AppLocker or Software Security Policies, are not utilized, this is a finding.

Vulnerability Number

V-225233

Documentable

False

Rule Version

APPNET0065

Severity Override Guidance

Open Windows explorer and search for *.exe.config.

Search each config file found for the "loadFromRemoteSources" element.

If the loadFromRemoteSources element is enabled
("loadFromRemoteSources enabled = true"), and the remotely loaded application is not run in a sandboxed environment, or if OS based software controls, such as AppLocker or Software Security Policies, are not utilized, this is a finding.

Check Content Reference

M

Target Key

4213

Comments