CCE-43115-5Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Do not connect to any Windows Update Internet locations'
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store.
Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.
Note: This policy applies only when this PC is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Windows Update will periodically retrieve update information from the public Windows Update service.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateDo not connect to any Windows Update Internet locations
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWindowsUpdateDoNotConnectToWindowsUpdateInternetLocations
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35234 |