Windows 10 systems must be maintained at a supported servicing level.

From Windows 10 Security Technical Implementation Guide

Part of WN10-00-000040

Associated with: CCI-000366

SV-77839r6_rule Windows 10 systems must be maintained at a supported servicing level.

Vulnerability discussion

Windows 10 is maintained by Microsoft at servicing levels for specific periods of time to support Windows as a Service. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities which leaves them subject to exploitation.New versions with feature updates are planned to be released on a semi-annual basis with an estimated support timeframe of 18 months. The initial release of a feature update is the Semi-Annual Channel (Pilot), previously referred to as the Current Branch (CB). Approximately 4 months after a new release it is declared ready for broad deployment, previously referred to as the Current Branch for Business (CBB). Only 2 active versions will typically be supported with updates at any given time (with some overlap during the period the latest version is declared ready for broad deployment and support ending for the oldest version.)Note: Microsoft has extended support for an additional 6 months with supplemental servicing for versions 1607, 1703, and 1709. Supplemental servicing provides critical and important updates for Windows 10 Enterprise only.A separate servicing branch intended for special purpose systems is the Long-Term Servicing Channel (LTSC, formerly Branch - LTSB) which will receive security updates for 10 years but excludes feature updates. Systems using an LTSC\B version may not be able to meet all requirements of the STIG as new features are added, which organizations will need to address.

Check content

Run "winver.exe". If the "About Windows" dialog box does not display: "Microsoft Windows Version 1607 (OS Build 14393.0)" or greater, this is a finding. Note: Microsoft has extended support for an additional 6 months with supplemental servicing for versions 1607, 1703, and 1709. Supplemental servicing provides critical and important updates for Windows 10 Enterprise only. Currently supported Semi-Annual Channel versions: v1607 - Microsoft support is scheduled to end 9 October 2018. v1703 - Microsoft support is scheduled to end 9 April 2019. v1709 - Microsoft support is scheduled to end 8 October 2019. v1803 - Microsoft support tentatively scheduled to end October 2019. No preview versions will be used in a production environment. Special purpose systems using the Long-Term Servicing Branch\Channel (LTSC\B) must be at "Version 10.0 (OS Build 10240)" or greater. LTSC\B versions at Build 10240 or greater are not a finding. Current LTSC\B versions are v1507 (Build 10240) and v1607 (Build 14393).

Fix text

Update systems on the Semi-Annual Channel to "Microsoft Windows Version 1607 (OS Build 14393.0)" or greater. It is recommended systems be upgraded to the most recently released version. Special purpose systems using the Long-Term Servicing Branch\Channel (LTSC\B) must be at Version 10.0 (OS Build 10240)" or greater.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer