CCE-3150-0Platform: cpe:/o:microsoft:windows_xp | Date: (C)2012-03-13 (M)2023-07-14 |
This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access.
Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, that is, type the first object on the list, press the Enter button, type the next object, press Enter again, etc. The setting value is stored as a comma-delimited list in group policy security templates. It is also rendered as a comma-delimited list in Group Policy Editor's display pane and the Resultant Set of Policy console. It is recorded in the registry as a line-feed delimited list in a REG_MULTI_SZ value.
Countermeasure:
Configure the Network access: Named Pipes that can be accessed anonymously setting to a null value (enable the setting but do not enter named pipes in the text box).
Potential Impact:
This configuration will disable null session access over named pipes, and applications that rely on this feature or on unauthenticated access to named pipes will no longer function. For example, with Microsoft Commercial Internet System 1.0, the Internet Mail Service runs under the Inetinfo process. Inetinfo starts in the context of the System account. When Internet Mail Service needs to query the Microsoft SQL Server database, it uses the System account, which uses null credentials to access a SQL pipe on the computer that runs SQL Server.
To avoid this problem, refer to the Microsoft Knowledge Base article "How to access network files from IIS applications," which is located at http://support.microsoft.com/en-us/kb/207671."
Parameter:
[named pipes]
Technical Mechanism:
(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options\\Network access: Named Pipes that can be accessed anonymously
(2) REG: HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters!NullSessionPipes
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:gov.nist.usgcb.xp:def:91 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v6.0 |
Jericho Forum | Jericho Forum |
HIPAA/HITECH Act | HIPAA/HITECH Act |
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- |
ISO/IEC 27001-2005 | ISO/IEC 27001-2005 |
COBIT 4.1 | COBIT 4.1 |
GAPP (Aug 2009) | GAPP (Aug 2009) |
NERC CIP | NERC CIP |
NIST SP800-53 R3 | NIST SP800-53 R3 AC-3 |
NIST SP800-53 R3 | NIST SP800-53 R3 CM-6 |
NIST SP800-53 R3 | NIST SP800-53 R3 CM-7 |
NIST SP800-53 R3 | NIST SP800-53 R3 SC-5 |
PCIDSS v2.0 | PCIDSS v2.0 |
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- |
BITS Shared Assessments AUP v5.0 | BITS Shared Assessments AUP v5.0 |