CCE-44425-7Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Select the 'Let Windows apps access messaging' to user_is_in_control
This policy setting specifies whether Windows apps can read or send messages (text or MMS).
If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device.
If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organization cannot change it.
If you choose the "Force Deny" option, Windows apps cannot read or send messages and employees in your organization cannot change it.
If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device.
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
Counter Measure:
Enable and configure this setting to "Force Deny" depending on your organization's requirements.
Potential Impact:
Windows apps cannot read or send messages and employees in your organization cannot change it.
Parameter:
[user is in control/force allow/force deny]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApp PrivacyLet Windows apps access messaging
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsAppPrivacyLetAppsAccessMessaging
CCSS Severity: | CCSS Metrics: |
CCSS Score : 2.9 | Attack Vector: LOCAL |
Exploit Score: 1.4 | Attack Complexity: HIGH |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: LOW | User Interaction: NONE |
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35441 |