CCE-47338-9Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04 |
Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.
By default, users can enable invocation of an available camera on the lock screen.
If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen.
Vulnerability:
This may allow a malicious agent to access the camera and associated photos or screenshots that may have confidential information.
Counter Measure:
Enable this policy setting and users cannot access the camera toggle from a locked state.
Potential Impact:
Users must unlock the device to access the camera toggle.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesControl PanelPersonalizationPrevent enabling lock screen camera
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsPersonalization!NoLockScreenCamera
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent enabling lock screen camera
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenCamera
CCSS Severity: | CCSS Metrics: |
CCSS Score : 3.7 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: LOW | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40335 |