CCE-47803-2Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2022-09-02 (M)2023-07-04 |
Configures the SMB v1 client driver's start type.
To disable client-side processing of the SMBv1 protocol, select the "Enabled" radio button, then select "Disable driver" from the dropdown.
WARNING: DO NOT SELECT THE "DISABLED" RADIO BUTTON UNDER ANY CIRCUMSTANCES!
For Windows 7 and Servers 2008, 2008R2, and 2012, you must also configure the "Configure SMB v1 client (extra setting needed for pre-Win8.1/2012R2)" setting.
To restore default SMBv1 client-side behavior, select "Enabled" and choose the correct default from the dropdown:
* "Manual start" for Windows 7 and Windows Servers 2008, 2008R2, and 2012;
* "Automatic start" for Windows 8.1 and Windows Server 2012R2 and newer.
Changes to this setting require a reboot to take effect.
For more information, see https://support.microsoft.com/kb/2696547
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesMS Security GuideConfigure SMB v1 client driver
(2) REG: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMrxSmb10!Start
Parameter:
[Disable driver/Manual start/Automatic start]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\MS Security Guide\Configure SMB v1 client driver
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb10!Start
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.7 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.5 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:83736 |