(imported topic written by AGOTAY)
I create a new fixlet to change/create the followings registry keys to remediate the
Microsoft Windows SMB NULL Session Authentication Vulnerability
. I tested and it works fine in a lab environment. But I will like to know on what Windows computers is really necesary to deploy the fix.
This are the REG keys necesarry to apply
- regset “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]” “restrictanonymous”=dword:00000001
- regset “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]” “restrictnullsessaccess”=dword:00000001
- regset “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]” “NullSessionPipes”=hex(7):00,00
I was reading some topics about something like this but I need a litter help to finish the setup.
This is what I have:
- exists value “1” of key “HKLM\SYSTEM\CurrentControlSet\SControl\Lsa\restrictanonymous” of registry
- exists value “1” of key “HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\restrictnullsessaccess” of registry
Any help will be appreciate.
Regards,
AGOTAY