2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'

Information

Enabling Ad Hoc Distributed Queries allows users to query data and execute statements on external data sources. This functionality should be disabled.

Rationale:

This feature can be used to remotely access and exploit vulnerabilities on remote SQL Server instances and to run unsafe Visual Basic for Application functions.

Solution

For AWS RDS Instances, please refer to the documentation for using Parameter Groups here:
Working with parameter groups
Run the following T-SQL command:

EXECUTE sp_configure 'show advanced options', 1;
RECONFIGURE;
EXECUTE sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;
GO
EXECUTE sp_configure 'show advanced options', 0;
RECONFIGURE;

Default Value:

0 (disabled)

See Also

https://workbench.cisecurity.org/files/4544

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: MS_SQLDB

Control ID: 618e53c36ad9a53e093c7a87ffe9a57f88673926d94f270f44861ff0920d40f4