CCE-15124-1Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-11-15 (M)2023-07-04 |
Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system. This setting will prevent the Program Inventory from collecting data about a system and sending the information to Microsoft.
Fix:
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Application Compatibility >> "Turn off Inventory Collector" to "Enabled".
Parameter:
[disable/enable]
Technical Mechanism:
Configure the policy value for Computer Configuration Administrative Templates Windows Components Application Compatibility "Turn off Inventory Collector" to "Enabled".
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.1 | Attack Vector: NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 4.2 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85530 |