CCE-97648-0
Platform: cpe:/o:microsoft:windows_server_2022:::x64 | Date: (C)2022-06-07 (M)2023-07-04
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery.
If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.
If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.
If you do not configure this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.
Countermeasure:
If you wish to prevent BitLocker from refreshing platform validation data after recovery, disable this policy setting.
Potential Impact:
If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Reset platform validation data after BitLocker recovery
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE!TPMAutoReseal
CCSS Severity:
CCSS Score: 7.0
Exploit Score: 1.0
Impact Score: 5.9
Severity: HIGH
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80817