Details
Due to performance reasons, modern graphic rendering is done within a dedicated graphic
processing unit (GPU). Virtual machines can use the host-based GPU for such operations as
well. Such dedicated hardware is typically accessed by using complex APIs like OpenGL and
DirectX. This hardware-based 3D acceleration should be disabled if it is not needed.
*Rationale*
Security flaws within APIs can lead to serious security breaches like memory corruption,
denial of service, and remote code execution.
Solution
To disable hardware-based 3D acceleration, run the following PowerCLI command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name “mks.enable3d” -value $false
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.