
The Windows 8 default Scan app must be updated with the latest security patches or removed from the system. (Windows 8.1)


Overview

Finding ID: V-43312
Version: WN08-GE-000053
Rule ID: SV-56065r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Applications must be updated as flaws are identified and remediations are made available. The default method for updating Windows 8 apps is through the Windows Store, which is required to be blocked. An alternate method must be used to maintain the default Windows 8 apps with the latest security updates if they are allowed on a system.
STIG: Windows 8 / 8.1 Security Technical Implementation Guide
Date: 2014-04-02

Details

Check Text (C-49288r3_chk)
This requirement is NA for the initial release of Windows 8, which does not include the default Scan app.
It is applicable to Windows 8.1.

Verify the default Scan app has been patched with the latest security updates or removed from the system.

Open a command prompt as an administrator.
Enter "dism /online /Get-ProvisionedAppxPackages".
If "DisplayName : Microsoft.WindowsScan" is listed and is not being updated with the latest security patches, this is a finding.

The "PackageName" field will identify the version installed. This will need to be compared with the latest security updates from Microsoft.
Fix Text (F-48895r3_fix)
This requirement is NA for the initial release of Windows 8, which does not include the default Scan app.
It is applicable to Windows 8.1.

Maintain the Scan app with the latest security patches or remove it from the system. Microsoft provides security updates to default provisioned apps through the Windows Update Catalog for WSUS or as MSI files, as an alternate method to the Windows Store for updating.

To remove the Scan app from the system:

Open a command prompt as an administrator.
Enter "dism /online /Get-ProvisionedAppxPackages".
Make note of the PackageName (e.g., Microsoft.WindowsScan_2013.822.1832.4879_neutral_~_8wekyb3d8bbwe).
Enter the following to remove the app package from the system: "dism /online /Remove-ProvisionedAppxPackage /PackageName:packagename", substituting the PackageName noted in the previous step for "packagename".
Uninstall the application from any user profiles provisioned prior to this.
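
The check above can be scripted. The following PowerShell is an added example, not part of the STIG text: it parses the DISM output for "DisplayName : Microsoft.WindowsScan" and returns the PackageName (the same value the removal step needs) with the version taken from it. The function name Get-ScanAppStatus and the -LatestVersion parameter are hypothetical, and the sample output is constructed from the PackageName shown on this page.

```powershell
# Added example (not STIG text). Reports the provisioned Scan app, if any,
# from the output of: dism /online /Get-ProvisionedAppxPackages
function Get-ScanAppStatus {
    param(
        [string[]]$DismOutput,    # DISM output, one string per line
        [version]$LatestVersion   # optional; latest version per Microsoft, supplied by the assessor
    )
    $displayName = $null
    foreach ($line in $DismOutput) {
        # Each package is printed as a group of "Key : Value" lines.
        if ($line -notmatch '^\s*(\w+)\s*:\s*(.+?)\s*$') { continue }
        $key, $value = $Matches[1], $Matches[2]
        if ($key -eq 'DisplayName') { $displayName = $value; continue }
        if ($key -ne 'PackageName' -or $displayName -ne 'Microsoft.WindowsScan') { continue }

        # The version is the second "_"-separated field of the PackageName.
        $installed = [version](($value -split '_')[1])
        if (-not $LatestVersion) {
            $status = 'Review: compare version with the latest Microsoft security update'
        } elseif ($installed -lt $LatestVersion) {
            $status = 'Finding: provisioned version is older than the latest update'
        } else {
            $status = 'Not a finding: provisioned version is current'
        }
        return [pscustomobject]@{
            Provisioned = $true
            PackageName = $value
            Version     = $installed
            Status      = $status
        }
    }
    # No matching DisplayName: the app is not provisioned on this system.
    return [pscustomobject]@{
        Provisioned = $false
        PackageName = $null
        Version     = $null
        Status      = 'Not a finding: Scan app is not provisioned'
    }
}

# Constructed sample output. On a live system, from an elevated prompt, use:
#   $out = dism /online /Get-ProvisionedAppxPackages
$out = @(
    'DisplayName : Microsoft.WindowsScan'
    'PackageName : Microsoft.WindowsScan_2013.822.1832.4879_neutral_~_8wekyb3d8bbwe'
)
Get-ScanAppStatus -DismOutput $out | Format-List
```

Without -LatestVersion the script only reports what is provisioned; the comparison against Microsoft's latest security update remains the assessor's step.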