Config - Disable SMBv3 Compression - Windows
Description
This Fixlet detects whether SMBv3 is vulnerable to CVE-2020-0796.
It takes into account the following items:
- Vulnerable Windows OS Versions
- SMBv3 Enablement
- SMBv3 Compression Status
Actioning this Fixlet against a vulnerable device will disable SMBv3 Compression.
NOTE: This will only protect an SMBv3 Server and will not protect an SMBv3 Client. This remediation prevents the "Wormable" part of CVE-2020-0796.
This remediation is made available with no warranty expressed or otherwise and should be tested before being applied to any production or otherwise important systems.
Property Details
26668
Production - Fully Tested and Ready for Production
Config - Disable SMBv3 Compression - Windows
BESC
Internal
3/12/2020 12:00:00 AM
SMBv3
strawgate on 3/12/2020 10:51:30 AM
strawgate on 3/12/2020 10:51:30 AM
Relevance
isWindows (Relevance 1172)
windows of operating system
exists it whose (it = "1903" or it = "1909") of preceding text of last ")" of following text of first "(" of (operating system as string)
not exists values "DisableCompression" whose (it = 1) of keys "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" of registry
not exists values "SMB2" whose (it = 0) of keys "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" of registry
Actions
Action 1 (default)
Action Link
Click here to deploy this action.
Script Type
BigFix Action Script
regset "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]" "DisableCompression"=dword:00000001
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.
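The following PowerShell script is an added example, not part of the Fixlet or of BigFix. It evaluates the version, compression and SMB2 conditions from the relevance above on the local machine and, when run with -Remediate, writes the same registry value as the action script. It assumes the ReleaseId value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion holds the same 1903/1909 string that the relevance parses from the operating system name; the function and property names are illustrative.

```powershell
# Added example: local audit of the conditions this fixlet checks (names are illustrative).
param([switch]$Remediate)   # with -Remediate, write the same value as the fixlet action

$ParamsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$VersionKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-SmbCompressionState {
    # Assumption: ReleaseId holds the "1903"/"1909" string the relevance parses
    # out of the operating system name.
    $releaseId = Get-RegValue -Path $VersionKey -Name 'ReleaseId'
    $disable   = Get-RegValue -Path $ParamsKey  -Name 'DisableCompression'
    $smb2      = Get-RegValue -Path $ParamsKey  -Name 'SMB2'

    $affected    = $releaseId -in @('1903', '1909')
    $compression = $disable -ne 1     # absent value: compression is not disabled
    $smbServer   = $smb2 -ne 0        # absent value: SMB2 is not turned off

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ReleaseId          = $releaseId
        AffectedVersion    = $affected
        CompressionEnabled = $compression
        Smb2NotDisabled    = $smbServer
        FixletRelevant     = $affected -and $compression -and $smbServer
    }
}

$state = Get-SmbCompressionState
if ($Remediate -and $state.FixletRelevant) {
    # Same registry write as the action script; requires an elevated session.
    Set-ItemProperty -Path $ParamsKey -Name 'DisableCompression' -Type DWord -Value 1 -Force
    $state = Get-SmbCompressionState   # re-read to confirm the relevance is now false
}
$state
```

After a successful remediation FixletRelevant reads False, which matches the success criteria above.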