Details
Disable unexposed Drag and Drop Version Set feature.
*Rationale*
Because VMware virtual machines are designed to work on both vSphere as well as hosted
virtualization platforms such as Workstation and Fusion, there are some VMX parameters
that don’t apply when running on vSphere. Although the functionality governed by these
parameters is not exposed on ESX, explicitly disabling them will reduce the potential for
vulnerabilities. Disabling these features reduces the number of vectors through which a
guest can attempt to influence the host, and thus may help prevent successful exploits.
Solution
To implement the recommended configuration state, run the following PowerCLI
command-# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘isolation.tools.guestDnDVersionSet.disable’ -value $true
Impact-Some automated tools and process may cease to function.
Default Value-The prescribed state is not the default state.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.