SWEET32 Vulnerability - Script Run

  • Question

  • Hi All,

    I am running the 'solve-sweet32.ps1' script from https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1

    I first ran it with the '-Solve:"SWEET32"' argument to clean it up. However a subsequent scan stated that the vulnerability was still present.  I then ran it without any arguments so it will clean up all vulnerabilities found. Still, a scan showed the server as still being vulnerable. See below for output from this second run of the command. Any assistance is appreciated!

    PS C:\Users\36207PA\Desktop> Set-ExecutionPolicy Unrestricted
    PS C:\Users\36207PA\Desktop> .\solve-sweet32.ps1
    Solving vulnerability --> SWEET32
    WARNING: They key already exits (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168)
    The registry entry with property enabled = 0, already exists
    Solving vulnerability --> TLS1.0
    Create new Key (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0)
    Creating new property Enabled = 0 for TLS 1.0 in (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client)
    Creating new property Enabled = 0 for TLS 1.0 in (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server)
    Create new Key (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1)
    Creating new property Enabled = 0 for TLS 1.1 in (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client)
    Creating new property Enabled = 0 for TLS 1.1 in (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server)
    Creating 'Enabled' and 'DisabledByDefault' for TLS 1.2 in (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client)
    New-ItemProperty : Cannot convert value "4294967295" to type "System.Int32". Error: "Value was either too large or too small for an Int32."
    At C:\Users\36207PA\Desktop\Solve-Sweet32.ps1:233 char:41
    +                         New-ItemProperty <<<<  -PropertyType DWORD -Path "$cspath" -Name "Enabled" -Value 4294967295 -Force| Out-Null
        + CategoryInfo          : WriteError: (HKEY_LOCAL_MACH...\TLS 1.2\Client:String) [New-ItemProperty], PSInvalidCastException
        + FullyQualifiedErrorId : System.Management.Automation.PSInvalidCastException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
    Creating 'Enabled' and 'DisabledByDefault' for TLS 1.2 in (HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server)
    New-ItemProperty : Cannot convert value "4294967295" to type "System.Int32". Error: "Value was either too large or too small for an Int32."
    At C:\Users\36207PA\Desktop\Solve-Sweet32.ps1:233 char:41
    +                         New-ItemProperty <<<<  -PropertyType DWORD -Path "$cspath" -Name "Enabled" -Value 4294967295 -Force| Out-Null
        + CategoryInfo          : WriteError: (HKEY_LOCAL_MACH...\TLS 1.2\Server:String) [New-ItemProperty], PSInvalidCastException
        + FullyQualifiedErrorId : System.Management.Automation.PSInvalidCastException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
    Cleaning up variables


    • Edited by TimBerry73 Friday, July 19, 2019 2:43 PM
    Friday, July 19, 2019 2:40 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    According to the Q and A (8) part of the script we provided, we can see:




    We can try changing the value "4294967295" on line 233 to '0xffffffff' to see if it helps.




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 22, 2019 7:00 AM
    Moderator
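
An added example (not part of the thread or of Solve-Sweet32.ps1): a read-only check of the registry values named in the output above, to see which ones are actually present after a run in which the TLS 1.2 writes failed. `Get-SchannelValue` is a hypothetical helper name, and the list of keys is taken only from the paths the script printed.

```powershell
# Added example, not part of the original thread or of Solve-Sweet32.ps1.
# Read-only: nothing is written to the registry.
# Get-SchannelValue is a hypothetical helper name.
$root = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)

    # Opened through .NET rather than the HKLM: drive: "Triple DES 168/168"
    # contains '/', which the PowerShell registry provider treats as a path
    # separator. OpenSubKey opens read-only and returns $null if the key is absent.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$root\$SubKey")
    if ($null -eq $key) {
        $state = 'key missing'
    }
    else {
        $value = $key.GetValue($Name, $null)
        if ($null -eq $value) {
            $state = 'value missing'
        }
        elseif ($value -is [int]) {
            # X8 renders the raw 32 bits of the DWORD, so a value written as
            # 0xffffffff is reported in that form rather than as a signed number.
            $state = '0x{0:X8}' -f $value
        }
        else {
            $state = "non-DWORD: $value"
        }
        $key.Close()
    }
    New-Object PSObject -Property @{ Key = $SubKey; Name = $Name; State = $state }
}

# Keys the script output reports touching: one cipher key, then
# TLS 1.0 / 1.1 / 1.2, each with a Client and a Server subkey.
$subKeys = @('Ciphers\Triple DES 168/168')
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') { $subKeys += "Protocols\$proto\$role" }
}

$report = foreach ($subKey in $subKeys) {
    foreach ($name in 'Enabled', 'DisabledByDefault') {
        Get-SchannelValue -SubKey $subKey -Name $name
    }
}
$report | Select-Object Key, Name, State | Format-Table -AutoSize
```

Saving this table before and after any change gives a record of what the script altered, which is also the list of values to review when undoing it.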
  • Hi,
    Does this question have any update, or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou


    Thursday, July 25, 2019 7:36 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou


    Monday, July 29, 2019 8:40 AM
    Moderator
  • Hi Daisy,

    Sorry for the delay in responding.

    At this time, how do I go about reversing the fix that the script provided? I need to access our applications' console which was affected by this script's changes.

    Thanks,

    Tim

    Monday, September 9, 2019 4:26 PM