Details
Due to performance reasons, modern graphic rendering is done within a dedicated graphic processing unit (GPU). Virtual machines can use the host-based GPU for such operations as well. Such dedicated hardware is typically accessed by using complex APIs like OpenGL and DirectX. This hardware-based 3D acceleration should be disabled if it is not needed.
Rationale:
Security flaws within APIs can lead to serious security breaches like memory corruption, denial of service, and remote code execution.
Solution
To disable hardware-based 3D acceleration, run the following PowerCLI command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘mks.enable3d’ -value $false
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.