[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-45283-9

Platform: cpe:/o:microsoft:windows_server_2016Date: (C)2017-08-03   (M)2023-07-04



MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers Vulnerability: The NetBT protocol is designed not to use authentication, and is therefore vulnerable to spoofing. Spoofing makes a transmission appear to come from a user other than the user who performed the action. A malicious user could exploit the unauthenticated nature of the protocol to send a name-conflict datagram to a target computer, which would cause the computer to relinquish its name and not respond to queries. The result of such an attack could be to cause intermittent connectivity issues on the target computer, or even to prevent the use of Network Neighborhood, domain logons, the NET SEND command, or additional NetBIOS name resolution. For more information, see the Microsoft Knowledge Base article "MS00-047: NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts" at http://support.microsoft.com/default.aspx?kbid=269239. Counter Measure: Configure the MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (Only recommended for servers) entry to a value of Enabled. The possible values for this registry entry are: * 1 or 0. The default configuration is 1 (enabled). In the SCE UI, these options appear as: * Enabled * Disabled * Not Defined Alternatively, you could disable the use of WINS in your environment, and further ensure that all applications rely upon DNS for name resolution services. Although this approach is a recommended long-term strategy, it is generally impractical for most organizations to attempt as a short-term solution. Organizations that still run WINS generally have application dependencies that cannot be quickly resolved without upgrades and software rollouts, which require careful plans and significant time commitments. If you cannot deploy this countermeasure and you want to guarantee NetBIOS name resolution, you can take the additional step of "pre-loading" NetBIOS names in the LMHOSTS file on certain computers. For more information about how to pre-load the LMHOSTS file, see the Microsoft Knowledge Base article "MS00-047: NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts" that was referenced earlier in this section. Note: Maintenance of LMHOSTS files in most environments requires a significant amount of effort. Microsoft encourages the use of WINS instead of LMHOSTS. Potential Impact: An attacker could send a request over the network and query a computer to release its NetBIOS name. As with any change that could affect applications, Microsoft recommends that you test this change in a non-production environment before you change the production environment. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesMSS (Legacy)MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNetbtParameters!NoNameReleaseOnDemand


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters!NoNameReleaseOnDemand

CCSS Severity:CCSS Metrics:
CCSS Score : 8.1Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40320


OVAL    1
oval:org.secpod.oval:def:40320
XCCDF    5
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_general_Windows_Server_2016
...

© SecPod Technologies