CCE-42114-9 | Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Reset platform validation data after BitLocker recovery'
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery.
If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.
If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.
If you do not configure this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.
Counter Measure:
If you wish to prevent BitLocker from refreshing platform validation data after recovery, disable this policy setting.
Potential Impact:
If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Reset platform validation data after BitLocker recovery
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\TPMAutoReseal
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 7.0 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
 | Confidentiality: HIGH |
 | Integrity: HIGH |
 | Availability: HIGH |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35059 |