133e9e0a-de38-477b-a29c-3451f6c505ec
Windows Update can obtain updates from additional sources instead of Microsoft. In addition to Microsoft, updates can be obtained from and sent to PCs on the local network as well as on the internet. This is part of the Windows Update trusted process; however, to minimize outside exposure, obtaining updates from or sending to systems on the internet must be prevented.
To fix this configure the policy value for:
Computer Configuration
|_ Administrative Templates
|_ Windows Components
|_ Delivery Optimization
|_ Download Mode to "Enabled" with any option except "Internet" selected.
Acceptable selections include: HTTP only (0) / LAN (1) / Group (2) / Internet (3) / Simple (99)
Stig: Server:
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2024-06-14/finding/V-205870 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93269
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2024-06-14/finding/V-254376
Desktop
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2024-06-13/finding/V-220835 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220835
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2024-06-10/finding/V-253413
NIST 800-53: CM-6b
CAT: III
CCE: CCE-85419-0
CCI: CCI-000366
PCI-DSS v4.0: 10.7, 10.7.1, 10.7.2, 10.7.3
STIG-ID: APPL-11-002066
Rule-ID: SV-253394r991589_rule
STIG-ID: WN11-CC-000206
Vuln-ID: V-253394
MITRE Att&k: T1556.002, T1078, T1072