This vulnerability can be cause due to many services which uses SMB in some ways. There are many related articles which you will found and they will tell you which service has problem and what should be the fix.
Articles : Tenable, Nessus, Microsoft
When i worked on this security incident, i found that there are some policies which are wrongly configured in GPO which is applying on all laptops and workstations.
There are only 4 things which you have to check on all service settings which are coming from GPO or manually configured. Then you have to remove them from ACL of those services.
1. Authenticated Users
2. Domain Users
3. Users
4. Everyone
If service is disabled, then there is not need to check this on it. If it is enabled either in Automatic Mode or Manual Mode, it is important to check.
Subscribe to:
Post Comments (Atom)
I really appreciate the information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in #IBM #QRadar, kindly Contact MaxMunus
ReplyDeleteMaxMunus Offer World Class Virtual Instructor-led training on #IBM #QRadar. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 1,00,000 + training in India, USA, UK, Australia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain, and UAE etc.
Avishek Priyadarshi
MaxMunus
E-mail: avishek@maxmunus.com
Skype id: avishek_2.
Ph:(0) 8553177744 / 080 - 41103383
www.MaxMunus.com