CCE-98136-5Platform: cpe:/o:microsoft:windows_server_2022:::x64 | Date: (C)2023-07-18 (M)2023-07-19 |
This policy setting lets you configure Windows spotlight on the lock screen.
If you enable this policy setting, "Windows spotlight" will be set as the lock screen provider and users will not be able to modify their lock screen. "Windows spotlight" will display daily images from Microsoft on the lock screen.
Additionally, if you check the "Include content from Enterprise spotlight" checkbox and your organization has setup an Enterprise spotlight content service in Azure, the lock screen will display internal messages and communications configured in that service, when available. If your organization does not have an Enterprise spotlight content service, the checkbox will have no effect.
If you disable this policy setting, Windows spotlight will be turned off and users will no longer be able to select it as their lock screen. Users will see the default lock screen image and will be able to select another image, unless you have enabled the "Prevent changing lock screen image" policy.
If you do not configure this policy, Windows spotlight will be available on the lock screen and will be selected by default, unless you have configured another default lock screen image using the "Force a specific default lock screen image" policy.
Note: This policy is only available for Enterprise SKUs
Fix:
(1) GPO: User ConfigurationAdministrative TemplatesWindows ComponentsCloud ContentConfigure Windows spotlight on lock screen
(2) REG: HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsCloudContent!ConfigureWindowsSpotlight
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: User Configuration\Administrative Templates\Windows Components\Cloud Content\Configure Windows spotlight on lock screen
(2) REG: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CloudContent!ConfigureWindowsSpotlight
CCSS Severity: | CCSS Metrics: |
CCSS Score : 3.2 | Attack Vector: PHYSICAL |
Exploit Score: 0.7 | Attack Complexity: LOW |
Impact Score: 2.5 | Privileges Required: LOW |
Severity: LOW | User Interaction: NONE |
Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:91042 |