Windows Server 2008 SMB Service Enumeration Vulnerability - How to "fix"?
-
Wednesday, November 14, 2012 9:23 PM
Hello,
We just went through a vulnerability scan of our network (Nessus) and one of the items that came up is Microsoft Windows SMB Service Enumeration. The solutions listed are either filter incoming traffic to this port (445) or have "tight login restrictions".
I'm trying to find what "tight login restrictions" would satisfy this vulnerability but I'm not sure where to begin?
Thanks for any assistance with this.
All Replies
-
Thursday, November 15, 2012 7:25 AM (Moderator)
Hi,
Thanks for posting in Windows Server Forum.
However, it appears that the issue is more related to the Nessus report, which indicates there may be an issue with the Windows SMB service. But I am not familiar with Nessus. So please make sure the server has all the latest updates installed, to see if the issue still persists. For further investigation, I would recommend that you contact the Nessus support team with the detailed PlugIn IDs. Your understanding is highly appreciated.
List of PlugIn IDs
http://static.tenable.com/reports/Full-Windows-2008-Patch-Audit.html
Best Regards,
Aiden
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Aiden Cao
TechNet Community Support
- Proposed As Answer by Aiden_Cao (Microsoft Contingent Staff, Moderator), Monday, November 26, 2012 2:45 AM
- Marked As Answer by Aiden_Cao (Microsoft Contingent Staff, Moderator), Wednesday, November 28, 2012 8:25 AM
-
Thursday, November 15, 2012 2:17 PM
Thanks for responding.
I do not believe the issue is with the actual SMB service but the fact that because of SMB all of the services are viewable to the scan (which means that "someone" could view the services listed). It is listed as a low vulnerability but I just do not understand how to implement the solution of having "tight login restrictions" - where would these restrictions be applied?
John
-
Wednesday, November 21, 2012 7:17 AM (Moderator)
Hi,
You may configure the SMB Inbound Rules on Windows firewall.
- Open Control Panel, click System and Security, and then click Windows Firewall.
- In the left pane, click Advanced settings, and in the console tree, click Inbound Rules.
- Under Inbound Rules, locate the rules File and Printer Sharing (NB-Session-In) and File and Printer Sharing (SMB-In).
- For each rule, right-click the rule, and then click Enable Rule.
- Set IP filter and restriction
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
- Marked As Answer by jfnva70 Wednesday, November 28, 2012 5:47 PM
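The firewall steps in the reply above can also be applied from an elevated prompt with `netsh advfirewall`, which is available on Windows Server 2008. This is an added example, not part of the original thread; the subnet `192.0.2.0/24` is a placeholder assumption for the clients that legitimately need file sharing, and the example assumes Windows Firewall is on with inbound connections blocked by default.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# on the file server.
# Assumption: 192.0.2.0/24 stands in for the subnet that is allowed to reach
# SMB on this server; replace it with your own range or address list.
$AllowedRemote = '192.0.2.0/24'

# The two inbound rules named in the reply above.
$Rules = @(
    'File and Printer Sharing (SMB-In)',
    'File and Printer Sharing (NB-Session-In)'
)

foreach ($Rule in $Rules) {
    # Enable the rule and restrict its scope to the allowed remote addresses.
    # netsh applies the change to every profile copy of the rule with this name.
    netsh advfirewall firewall set rule name="$Rule" new enable=yes remoteip=$AllowedRemote

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not update rule '$Rule' (exit code $LASTEXITCODE)"
        continue
    }

    # Print the rule so the Enabled and RemoteIP fields can be confirmed.
    netsh advfirewall firewall show rule name="$Rule" verbose
}
```

Any other enabled inbound rule that allows TCP 445 or 139 from a wider scope would still expose the service, so review the remaining File and Printer Sharing rules and re-run the scan from a host outside the allowed range to confirm the finding clears.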
-
Wednesday, November 28, 2012 5:47 PM
Thanks! That's what we're looking for.

