Details

Windows 10 is maintained by Microsoft at servicing levels for specific periods of time to support Windows as a Service. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities which leaves them subject to exploitation.

New versions with feature updates are planned to be released on a semi-annual basis with an estimated support timeframe of 18 to 30 months depending on the release. Support for previously released versions has been extended for Enterprise editions.

A separate servicing branch intended for special purpose systems is the Long-Term Servicing Channel (LTSC, formerly Branch – LTSB) which will receive security updates for 10 years but excludes feature updates.

Solution

Update systems on the Semi-Annual Channel to ‘Microsoft Windows Version 1909 (OS Build 18363.0)’ or greater.

It is recommended systems be upgraded to the most recently released version.

Special-purpose systems using the Long-Term Servicing BranchChannel (LTSCB) may be at the following versions:

v1507 (Build 10240)
v1607 (Build 14393)
v1809 (Build 17763)

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_10_V2R3_STIG.ziphttps://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_10_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-6b.
• CAT|I
• CCI|CCI-000366
• Rule-ID|SV-220706r646212_rule
• STIG-ID|WN10-00-000040
• STIG-Legacy|SV-77839
• STIG-Legacy|V-63349
• Vuln-ID|V-220706

Source

• Tenable.com/audits