Flash must not be installed on the Tanium Server.

From Tanium 6.5 Security Technical Implementation Guide

Part of SRG-APP-000210

Associated with: CCI-001170

SV-81577r1_rule Flash must not be installed on the Tanium Server.

Vulnerability discussion

Adobe Flash Player is freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio. Flash Player is a common format for games, animations, and graphical user interfaces (GUIs) embedded in web pages. Flash Player runs SWF files. Flash Player supports vector and raster graphics, 3D graphics, an embedded scripting language called ActionScript, and streaming of video and audio. ActionScript is based on ECMAScript, supports object-oriented code, and is similar to JavaScript.

Adobe Flash Player is a runtime that executes and displays content from a provided SWF file. Although it has no built-in features to modify the SWF file at runtime, it can execute software written in the ActionScript programming language, which enables the runtime manipulation of text, data, vector graphics, raster graphics, sound, and video. The player can also access certain connected hardware devices, including web cameras and microphones, after the user has granted permission.

Throughout the various versions of Adobe Flash Player, multiple vulnerabilities have been exposed that required patching to mitigate, and because of these vulnerabilities it continues to be a target for exploitation.

Since Tanium does not require Adobe Flash Player for any functionality, ensuring it is not installed removes the vulnerability.

Check content

Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Access Settings >> Control Panel >> Programs >> Programs and Features. Review the installed programs. If Adobe Flash Player is installed, this is a finding.
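A scripted equivalent of the manual review above, added here as an example and not part of the STIG: it reads the uninstall registry keys that Programs and Features is built from and reports any Adobe Flash Player entry. The function name `Get-FlashInstallEntry` and the `DisplayName` match pattern are assumptions; run it from an elevated PowerShell session on the Tanium Server.

```powershell
# Added example (not from the STIG): scripted form of the Programs and Features review.
# Programs and Features lists the entries registered under these Uninstall keys
# (64-bit, 32-bit on 64-bit Windows, and per-user for the logged-on account).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FlashInstallEntry {
    # Hypothetical helper name. Returns one object per matching uninstall entry.
    param([string[]]$Path = $uninstallRoots)

    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        # Entries without a DisplayName are never shown in the UI; skip them.
        Where-Object { $_.DisplayName -and $_.DisplayName -like '*Adobe Flash Player*' } |
        Select-Object DisplayName, DisplayVersion, Publisher,
            # SystemComponent = 1 hides an entry from Programs and Features,
            # so report it: a hidden entry is still an installed product.
            @{ Name = 'HiddenFromUI'; Expression = { $_.SystemComponent -eq 1 } },
            @{ Name = 'RegistryKey';  Expression = { $_.PSPath -replace '^.*::', '' } }
}

$entries = @(Get-FlashInstallEntry)

if ($entries.Count -gt 0) {
    Write-Output 'FINDING: Adobe Flash Player is installed.'
    $entries | Format-List
}
else {
    Write-Output 'NOT A FINDING: no Adobe Flash Player entry under the uninstall registry keys.'
}
```

The script covers only what the manual check covers, the installed-programs list; it does not search the file system or browser plug-in directories.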

Fix text

Access the Tanium Server interactively. Log on with an account with administrative privileges to the server. Access Settings >> Control Panel >> Programs >> Programs and Features. Click on the Adobe Flash Player to select it. Select “Uninstall”.
