The Windows 8 default Health and Fitness app must be updated with the latest security patches or removed from the system.

From Windows 8/8.1 Security Technical Implementation Guide

Part of WN08-GE-000050

Associated with: CCI-000366

SV-56060r5_rule The Windows 8 default Health and Fitness app must be updated with the latest security patches or removed from the system.

Vulnerability discussion

Applications must be updated as flaws are identified and remediations are made available. The default method for updating Windows 8 apps is through the Windows Store, which is required to be blocked. An alternate method must be used to maintain the default Windows 8 apps with the latest security updates if they are allowed on a system.

Check content

Verify the default Health & Fitness app has been patched with the latest security related updates or removed from the system. Open a command prompt as an administrator. Enter "dism /online /Get-ProvisionedAppxPackages". If "DisplayName : Microsoft.BingHealthAndFitness" is listed and has not been updated with the latest security related updates, this is a finding. The "PackageName" field will identify the version installed. Microsoft Article 2971128 summarizes security related updates to the default apps, including versions and release dates. http://support.microsoft.com/kb/2971128

Fix text

Maintain the Health & Fitness app with the latest security related updates or remove it from the system. Microsoft provides security related updates to default provisioned apps through the Microsoft Update Catalog for WSUS or as MSI files, as an alternate method to the Windows Store for updating. Microsoft Article 2971128 summarizes security related updates to the default apps, including versions and release dates. http://support.microsoft.com/kb/2971128 To remove the Health & Fitness app from the system: Open a command prompt as an administrator. Enter "dism /online /Get-ProvisionedAppxPackages". Make note of the PackageName (e.g., Microsoft.BingHealthandFitness_2013.813.243.3760_neutral_~_8wekyb3d8bbwe). Enter the following to remove the app package from the system: "dism /online /Remove-ProvisionedAppxPackage /PackageName:packagename", substituting "packagename" noted from the previous step. Uninstall the application from any user profiles provisioned prior to this.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer