CCE-93631-0Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2020-09-22 (M)2023-07-14 |
Microsoft network client: Digitally sign communications (if server agrees)
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing. The implementation of digital signing in Windows?based networks helps to prevent sessions from being hijacked. If you enable this policy setting, the Microsoft network client will use signing only if the server with which it communicates accepts digitally signed communication.
Microsoft recommends to enable The Microsoft network client: Digitally sign communications (if server agrees) setting.
Note Enabling this policy setting on SMB clients on your network makes them fully effective for packet signing with all clients and servers in your environment.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!Microsoft network client: Digitally sign communications (if server agrees)
(2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLanmanWorkstationParameters!EnableSecuritySignature
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:56648 |