CCE-42589-2Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Allow Standby States (S1-S3) When Sleeping (Plugged In)'
Dictates whether or not Windows is allowed to use standby states when sleeping the computer.
When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate.
Counter Measure:
During hibernation, system power state S4, the computer's RAM and CPU are powered off and memory is flushed to discard any secrets that had been stored there. Operating system context, however, is maintained in a hibernation file (an image of memory) that the system writes to the encrypted BitLocker OS volume before entering the S4 state. Upon restart, the loader reads this file and jumps to the system's previous, pre-hibernation location. Additionally, Disabling sleep states (S1-S3), and allowing only hibernation state (S4) has the additional benefit that the system resumes through the BitLocker startup checks to include prompting the user for a PIN if TPM+PIN is used.
Potential Impact:
Users will not be able to use Sleep (S3) which resumes faster than Hibernation (S4).
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemPower ManagementSleep SettingsAllow Standby States (S1-S3) When Sleeping (Plugged In)
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftPowerPowerSettingsabfc2519-3608-4c2a-94ea-171b0ed546abACSettingIndex
CCSS Severity: | CCSS Metrics: |
CCSS Score : 3.5 | Attack Vector: ADJACENT_NETWORK |
Exploit Score: 2.1 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: LOW |
Severity: LOW | User Interaction: NONE |
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35156 |