8.12 (L1) VMware Tools must limit the use of MSI transforms when reconfiguring VMware Tools

Information

Limiting the use of MSI transforms during VMware Tools reconfiguration is crucial to prevent unintended alterations to the installation database on Microsoft Windows guest operating systems from vSphere. This control is managed through a specific configuration parameter. The parameter governing this behavior is autoupgrade allow-msi-transforms with a recommended setting of false.

By restricting the use of MSI transforms, organizations can maintain a consistent security profile of the guest OS and minimize risks associated with unintended configuration changes during VMware Tools reconfiguration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Impact:

Implementing this control will necessitate administrators to leverage alternative methods for updating and reconfiguring VMware Tools as required, which may demand additional administrative effort and oversight.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.1

Plugin: VMware

Control ID: 3fda1d3cf430e77d100bd5146e1277f020347ddd71074db950254afc1ad7f396