Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv - ID 2.3.10.9, Network access: Remotely accessible registry paths and sub-paths #40

Open
nekodas opened this issue Jul 24, 2023 · 3 comments
Open

finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv - ID 2.3.10.9, Network access: Remotely accessible registry paths and sub-paths #40

nekodas opened this issue Jul 24, 2023 · 3 comments
Assignees
@0x6d69636b
Labels
bug Something isn't working

Comments

@nekodas
Copy link

nekodas commented Jul 24, 2023
edited
Loading

[] Windows: Microsoft Windows Server 2022 Standard Evaluation
[] Windows edition: ServerStandardEval
[*] Windows version: 2009
Finding list - finding_list_cis_microsoft_windows_server_2022_21h2_1.0.0_machine.csv

After changing settings to recommended; it still flagging as incorrect:

[$] ID 2.3.10.9, Network access: Remotely accessible registry paths and sub-paths, Result=System\CurrentControlSet\Control\Print\Printers;System\CurrentControlSet\Services\Eventlog;Software\Microsoft\OLAP Server;Software\Microsoft\Windows NT\CurrentVersion\Print;Software\Microsoft\Windows NT\CurrentVersion\Windows;System\CurrentControlSet\Control\ContentIndex;System\CurrentControlSet\Control\Terminal Server;System\CurrentControlSet\Control\Terminal Server\UserConfig;System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration;Software\Microsoft\Windows NT\CurrentVersion\Perflib;System\CurrentControlSet\Services\SysmonLog, Recommended=System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Eventlog Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion\Print Software\Microsoft\Windows NT\CurrentVersion\Windows System\CurrentControlSet\Control\ContentIndex System\CurrentControlSet\Control\Terminal Server System\CurrentControlSet\Control\Terminal Server\UserConfig System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration Software\Microsoft\Windows NT\CurrentVersion\Perflib System\CurrentControlSet\Services\SysmonLog, Severity=Medium

It's a bit hard to see with that blurb of text so I will paste again with easier formatting for visibility:

Result:
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\OLAP Server
Software\Microsoft\Windows NT\CurrentVersion\Print
Software\Microsoft\Windows NT\CurrentVersion\Windows
System\CurrentControlSet\Control\ContentIndex
System\CurrentControlSet\Control\Terminal Server
System\CurrentControlSet\Control\Terminal Server\UserConfig
System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Software\Microsoft\Windows NT\CurrentVersion\Perflib
System\CurrentControlSet\Services\SysmonLog

Recommended:
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\OLAP Server
Software\Microsoft\Windows NT\CurrentVersion\Print
Software\Microsoft\Windows NT\CurrentVersion\Windows
System\CurrentControlSet\Control\ContentIndex
System\CurrentControlSet\Control\Terminal Server
System\CurrentControlSet\Control\Terminal Server\UserConfig
System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Software\Microsoft\Windows NT\CurrentVersion\Perflib
System\CurrentControlSet\Services\SysmonLog

Any idea's what went wrong here?
@nekodas
Copy link
Author

nekodas commented Jul 25, 2023
edited
Loading

Also having a similar issue with:

  • [$] ID 2.3.10.8, Network access: Remotely accessible registry paths, Result=System\CurrentControlSet\Control\ProductOptions;System\CurrentControlSet\Control\Server Applications;Software\Microsoft\Windows NT\CurrentVersion, Recommended=System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion, Severity=Medium

Result:
The current configuration allows remote access to the following registry paths:

System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Server Applications
Software\Microsoft\Windows NT\CurrentVersion

Recommended:
The recommended configuration suggests limiting remote access to the following registry paths:

System\CurrentControlSet\Control\ProductOptions
System\CurrentControlSet\Control\Server Applications
Software\Microsoft\Windows NT\CurrentVersion

@0x6d69636b 0x6d69636b self-assigned this Jul 25, 2023
@0x6d69636b 0x6d69636b added the bug Something isn't working label Jul 25, 2023
@0x6d69636b 0x6d69636b reopened this Jul 25, 2023
@0x6d69636b
Copy link
Member

Could you please test the version in the development repo, the issue should be fixed: https://github.com/0x6d69636b/windows_hardening

@nekodas
Copy link
Author

nekodas commented Jul 25, 2023

Just tried it from the link you provided and you were correct; it fixed the issue!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@0x6d69636b 0x6d69636b

Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0x6d69636b @nekodas