CCE-42139-6Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Prevent memory overwrite on restart'
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.
If you enable this policy setting, memory will not be overwritten when the computer restarts. Preventing memory overwrite may improve restart performance but will increase the risk of exposing BitLocker secrets.
If you disable or do not configure this policy setting, BitLocker secrets are removed from memory when the computer restarts.
Counter Measure:
By default, BitLocker secrets are overwritten during a system restart.
Potential Impact:
Enabling this setting could reduce the amount of time a computer takes to restart, but doing so will increase the risk of BitLocker secrets being exposed.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionPrevent memory overwrite on restart
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftFVEMorBehavior
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.7 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 3.6 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35066 |