Solutions for server vulnerabilities
Problem | Solution | Solution Reference |
---|---|---|
Disable Server Message Block (SMB) Protocol Version 1 | Disable SMB v1 on PowerShell
| Detect, enable, and disable SMBv1, SMBv2, and SMBv3 in Windows |
MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) | Install security update | |
WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) | Add and enable registry value
| WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (... |
|
| Disabling 3DES and changing cipher suites order. SSL Medium Strength Cipher Suites Supported (SWEET32) How to resolve SSL Medium Strength Cipher Suites Supported SWEET32 vulnerability (Windows) |
| Disable registry value for these vulnerable protocols in |
|
Notes:
Changing registry value requires computer reboot
Check TLS version for a certain port using
openssl s_client -connect <hostname>:<port>