Config - Disable SMBv3 Compression - Windows

Description

This Fixlet detects whether SMBv3 is vulnerable to CVE-2020-0796.

It takes into account the following items:

  1. Vulnerable Windows OS Versions
  2. SMBv3 Enablement
  3. SMBv3 Compression Status

Actioning this Fixlet against a vulnerable device will disable SMBv3 Compression.

NOTE: This will only protect an SMBv3 Server and will not protect an SMBv3 Client. This remediation prevents the "Wormable" part of CVE-2020-0796.

This remediation is made available with no warranty expressed or otherwise and should be tested before being applied to any production or otherwise important systems.


Property Details

ID: 26668
Status: Production - Fully Tested and Ready for Production
Title: Config - Disable SMBv3 Compression - Windows
Domain: BESC
Source: Internal
Source Release Date: 3/12/2020 12:00:00 AM
Keywords: SMBv3
Added by on 3/12/2020 10:51:30 AM
Last Modified by on 3/12/2020 10:51:30 AM
Counters: 5606 Views / 23 Downloads

Relevance

isWindows (Relevance 1172). Used in 1152 fixlets and 538 analyses. Results in a true/false.

    windows of operating system

Used in 1 fixlet. Results in a true/false.

    exists it whose (it = "1903" or it = "1909") of preceding text of last ")" of following text of first "(" of (operating system as string)

Used in 1 fixlet. Results in a true/false.

    not exists values "DisableCompression" whose (it = 1) of keys "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" of registry

Used in 1 fixlet. Results in a true/false.

    not exists values "SMB2" whose (it = 0) of keys "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" of registry

Actions

Action 1 (default)

Script Type: BigFix Action Script

    regset "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]" "DisableCompression"=dword:00000001

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.
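
The same three checks and the same registry change, written as PowerShell for a device that is not managed by BigFix. This is an added example, not part of the Fixlet; the function names and the use of the ReleaseId registry value in place of BigFix's operating system string are assumptions.

```powershell
# Added example, not the Fixlet's own code. Run from an elevated PowerShell session.
$ParamsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$VersionKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-Smb3CompressionExposure {
    # Assumption: ReleaseId stands in for the "(1903)" / "(1909)" suffix that the
    # Fixlet extracts from BigFix's operating system string.
    $releaseId          = Get-RegValue $VersionKey 'ReleaseId'
    $smb2               = Get-RegValue $ParamsKey 'SMB2'
    $disableCompression = Get-RegValue $ParamsKey 'DisableCompression'

    $state = [pscustomobject]@{
        ReleaseId           = $releaseId
        AffectedBuild       = $releaseId -in '1903', '1909'
        # Mirrors 'not exists values "SMB2" whose (it = 0)': absent counts as enabled.
        Smb3ServerEnabled   = $smb2 -ne 0
        # Mirrors 'exists values "DisableCompression" whose (it = 1)'.
        CompressionDisabled = $disableCompression -eq 1
    }
    # Relevant (needs the action) only when all of the Fixlet's clauses hold.
    $relevant = $state.AffectedBuild -and $state.Smb3ServerEnabled -and
                -not $state.CompressionDisabled
    $state | Add-Member -NotePropertyName Relevant -NotePropertyValue $relevant -PassThru
}

function Disable-Smb3Compression {
    # Same change as the Fixlet's regset action; server side only.
    Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWord -Value 1 -Force
    # Success criterion from the Fixlet: the relevance must now evaluate to false.
    if ((Test-Smb3CompressionExposure).Relevant) {
        throw 'DisableCompression was written but the device is still relevant.'
    }
}

$before = Test-Smb3CompressionExposure
$before | Format-List
if ($before.Relevant) {
    Disable-Smb3Compression
    Test-Smb3CompressionExposure | Format-List
}
```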

