CCE-99849-2Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2023-05-09 (M)2023-07-04 |
This policy setting controls whether Windows records attempts to download configuration settings from the OneSettings service to the EventLog. If you enable this policy, Windows will record attempts to download configuration settings from the OneSettings service to the MicrosoftWindowsPrivacy-AuditingOperational EventLog channel. If you disable or don't configure this policy setting, Windows will not record attempts to download configuration settings from the OneSettings service to the EventLog.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsData Collection and Preview BuildsEnable OneSettings Auditing
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsDataCollection!EnableOneSettingsAuditing
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Enable OneSettings Auditing
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection!EnableOneSettingsAuditing
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:89602 |