CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled:0 days :

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update\Windows Update for Business\Select when Quality Updates are received

Note: This Group Policy path does not exist by default. An updated Group Policy template ( WindowsUpdate.admx/adml ) isrequired - it is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).

Impact:

None - this is the default behavior.

Default Value:

Enabled: 0 days. (Install new Quality Updates as soon as they are available.)

CIS Controls:

Version 6

4.5 Use Automated Patch Management And Software Update Tools Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe. Patches should be applied to all systems, even systems that are properly air gapped.

Version 7

3.4 Deploy Automated Operating System Patch Management Tools Deploy automated software update tools in order to ensure that the operating systems are running the most recent security updates provided by the software vendor. 3.5 Deploy Automated Software Patch Management Tools Deploy automated software update tools in order to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor.

1181 | P a g e