Solutions for server vulnerabilities
Problem | Solution | Solution Reference |
---|---|---|
Disable Server Message Block (SMB) Protocol Version 1 | Disable SMB v1 on PowerShell
| |
MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) | Install security update | https://learn.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011 |
WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) | Add and enable registry value
| WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (... |
|
| Disabling 3DES and changing cipher suites order. How to resolve SSL Medium Strength Cipher Suites Supported SWEET32 vulnerability (Windows) |
| Disable registry value for these vulnerable protocols in |
|
Notes:
Changing registry value requires computer reboot
Check TLS version for a certain port using
openssl s_client -connect <hostname>:<port>