Released 19 March 2024
CEM for Windows v1.5.2 introduces updates to enhance protection of Windows Server systems. Default values were changed for three Center for
Internet Security (CIS) controls, thus helping to ensure that the controls will be correctly enforced to protect the
winreg registry key and internal system objects.
Resolved issues
-
For Windows Server 2016, 2019, and 2022, the implementation of CIS Controls 2.3.10.8 and 2.3.10.9 was corrected. For both controls, the default value of the
value parameter was changed to Machine. By enforcing these controls, you can help to prevent attackers from accessing sensitive configuration data in the
winreg registry key.
-
For Windows Server 2016, 2019, and 2022, the implementation of CIS Control 2.3.15.2 was updated to specify the correct path for the
path parameter. By enforcing this control, you can help to prevent unauthorized users from modifying internal system objects.
-
A default value was changed to help ensure that CIS Control 18.6.4.1 can be enforced without disrupting operations on Windows Server 2022 systems. CIS Control 18.6.4.1 enforces Domain Name System resolution over HTTPS (DoH) to help protect systems against spoofing
and man-in-the-middle attacks. Previously, the default setting of
Enabled: Require DoH could prevent agent nodes from reporting to the Puppet primary server. To resolve the issue, the setting was changed to
Enabled: Allow DoH to ensure that DoH is allowed but not required.
For full details, visit our release notes
here.
Thank you for being a Puppet by Perforce Customer!
This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.