Information
Limiting the use of MSI transforms during VMware Tools reconfiguration is crucial to prevent unintended alterations to the installation database on Microsoft Windows guest operating systems from vSphere. This control is managed through a specific configuration parameter. The parameter governing this behavior is autoupgrade allow-msi-transforms with a recommended setting of false.
By restricting the use of MSI transforms, organizations can maintain a consistent security profile of the guest OS and minimize risks associated with unintended configuration changes during VMware Tools reconfiguration.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Impact:
Implementing this control will necessitate administrators to leverage alternative methods for updating and reconfiguring VMware Tools as required, which may demand additional administrative effort and oversight.