Windows 10 systems must be maintained at a supported servicing level.

From Windows 10 Security Technical Implementation Guide

Part of WN10-00-000040

Associated with: CCI-000366

SV-77839r5_rule Windows 10 systems must be maintained at a supported servicing level.

Vulnerability discussion

Windows 10 is maintained by Microsoft at servicing levels for specific periods of time to support Windows as a Service. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities which leaves them subject to exploitation. New versions with feature updates are planned to be released on a semi-annual basis with an estimated support timeframe of 18 months. The initial release of a feature update is the Semi-Annual Channel (Pilot), previously referred to as the Current Branch (CB). Approximately 4 months after a new release it is declared Semi-Annual Channel (Broad), previously referred to as the Current Branch for Business (CBB). Only 2 active versions will be supported with updates at any given time (with some overlap during the period the latest version is declared Semi-Annual Channel (Broad) and support ending for the oldest version.)A separate servicing branch intended for special-purpose systems is the Long-Term Servicing Channel (LTSC, formerly Branch - LTSB), which will receive security updates for 10 years but excludes feature updates. Systems using an LTSC/B version may not be able to meet all requirements of the STIG as new features are added, which organizations will need to address.

Check content

Run "winver.exe". If the "About Windows" dialog box does not display: "Microsoft Windows Version 1511 (OS Build 10586.0)" or greater, this is a finding. Note: Microsoft will continue to support v1511 through the April 2018 patch cycle with critical and important updates for Windows 10 Enterprise only. Currently supported Semi-Annual Channel versions: v1607 - Microsoft support is tentatively scheduled to end in March 2018. v1703 - Microsoft support is tentatively scheduled to end in September 2018. v1709 - Microsoft support is tentatively to end in March 2019. No preview versions will be used in a production environment. Special purpose systems using the LTSC/B must be at "Version 10.0 (OS Build 10240)" or greater. LTSC/B versions at Build 10240 or greater are not a finding.

Fix text

Update systems on the Semi-Annual Channel to "Microsoft Windows Version 1511 (OS Build 10586.0)" or greater. It is recommended systems be upgraded to the most recently released version. Special purpose systems using the LTSC/B must be at "Version 10.0 (OS Build 10240)" or greater.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer