Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-63349 | WN10-00-000040 | SV-77839r3_rule | High |
Description |
---|
Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities which leaves them subject to exploitation. Windows 10 is maintained by Microsoft at servicing levels for specific periods of time to support Windows as a Service. The Current Branch (CB) is the only option for consumer versions and will be maintained for approximately 4 months before a new CB is declared. Only the current CB is serviced with updates. Professional and Enterprise versions may select the Current Branch for Business (CBB) which is declared at the end of a Current Branch period and will be maintained for approximately 8 additional months. There will only be 2 CBBs active at any given time which will be serviced with updates. A separate servicing branch intended for special purpose systems is the Long-Term Servicing Branch (LTSB) which will receive security updates for 10 years but excludes feature updates. Systems using an LTSB version may not be able to meet all requirements of the STIG as new features are added, which organizations will need to address. |
STIG | Date |
---|---|
Windows 10 Security Technical Implementation Guide | 2017-02-21 |
Check Text ( C-69229r3_chk ) |
---|
Run "winver.exe". If the "About Windows" dialog box does not display: "Microsoft Windows Version 1511 (OS Build 10586.0)" or greater, this is a finding. No preview versions will be used in a production environment. Special purpose systems using the Long-Term Servicing Branch (LTSB) must be at "Version 10.0 (OS Build 10240)" or greater. If LTSB versions are not at Build 10240 or greater, this is a finding. |
Fix Text (F-74853r1_fix) |
---|
Update systems on the Current Branch (CB) or Current Branch for Business (CBB) to "Microsoft Windows Version 1511 (OS Build 10586.0)" or greater. Special purpose systems using the Long-Term Servicing Branch (LTSB) must be at Version 10.0 (OS Build 10240)" or greater. |