
3 SMB Signing Disabled or SMB Signing Not Required (1)

Question asked by kbutler6il on Feb 28, 2013

Our security team performs a scan on a Windows 7 client and I get a level three threat on SMB signing.  I have tried two different approaches to address:

1)  Force Signing required

2)  SMB disabled altogether

The risk remains in each subsequent scan.  Is there something else I should try?

Here is what I've tried to date:

 

To disable:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

 

 

To require SMB signing:

Use gpedit.msc, then navigate to:
- Computer Configuration
- Windows Settings
- Security Settings
- Local Policies
Search within the right pane for:
"Microsoft network client: Digitally sign communications (always)"
> Set this to enabled
and
"Microsoft network client: Digitally sign communications (if server agrees)"
> Set this to disabled (or not configured)

 

Thanks,

Kevin

 

Scan Result:

SMB Signing Disabled or SMB Signing Not Required (1)

 

QID: 90043

CVSS Base: 7.3 [1]

Category: Windows

CVSS Temporal: 6.3

CVE ID: -

Vendor Reference: -

Bugtraq ID: -

Service Modified: 08/30/2012

User Modified: -

Edited: No

PCI Vuln: Yes

THREAT:

This host does not seem to be using SMB (Server Message Block) signing. SMB signing is a security mechanism in the SMB protocol and is also known as security signatures. SMB signing is designed to help improve the security of the SMB protocol.
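
The policies and drivers changed in the post belong to the "Microsoft network client" role, while a remote scan talks to the host's SMB server role, which has its own "Microsoft network server" signing values. As an added example (not part of the original post), this PowerShell check reports both roles side by side; the registry paths and value names are the standard Windows locations, not taken from the page.

```powershell
# Added example (not from the original post): show SMB signing settings for both roles.
# The registry paths and value names are the standard Windows ones, assumed here.
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$roles = [ordered]@{
    'Microsoft network client' = 'LanmanWorkstation'
    'Microsoft network server' = 'LanmanServer'
}

function Get-SmbSigningSetting {
    param([string]$Policy, [string]$Service)

    $params = Get-ItemProperty -Path "$base\$Service\Parameters" -ErrorAction SilentlyContinue
    $svc    = Get-Service -Name $Service -ErrorAction SilentlyContinue

    # A value that is absent from the registry means the OS default applies,
    # so report it as "not set" rather than guessing 0 or 1.
    $show = { param($v) if ($null -eq $v) { 'not set' } else { [int]$v } }

    [pscustomobject]@{
        Policy         = $Policy
        Service        = $Service
        ServiceStatus  = if ($svc) { $svc.Status } else { 'not installed' }
        RequireSigning = & $show $params.RequireSecuritySignature
        EnableSigning  = & $show $params.EnableSecuritySignature
    }
}

$report = foreach ($r in $roles.GetEnumerator()) {
    Get-SmbSigningSetting -Policy $r.Key -Service $r.Value
}
$report | Format-Table -AutoSize

# Flag the server role specifically: it is the side that answers a remote scan.
$server = $report | Where-Object Service -eq 'LanmanServer'
if ($server.ServiceStatus -eq 'Running' -and $server.RequireSigning -ne 1) {
    Write-Warning 'SMB server is running and does not require signing.'
}
```

Run it from an elevated prompt on the scanned client before and after each change, so the settings that actually took effect can be compared with the next scan result.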
