none
Sweet 32 Remediation RRS feed

  • Question

  • I've been trying to follow the posts on this but with so many answers I've honestly lost the thread. In any case, remediating this vulnerability shown in a Nessus scan for Windows Server 2008 R2. We have already purportedly disabled DES 56/56, three RC2, and four RC4 ciphers as well as Triple DES 168/168. After loading a patch (KB 3080079) so RDP access would break we then disabled the TLS v1.0 protocol. This was all done with registry entries using DWORD Enabled with value 0. The vulnerability is still extant, however. What am I missing? Do I need a reboot after disabling the TLS v1.0 protocol?
    Tuesday, June 27, 2017 6:15 PM

All replies

  • Yes, you generally need to reboot after making changes in the registry to disable protocols.

    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security), MVP Twitter @georgathomas This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, June 28, 2017 3:14 AM
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, please feel free to ask.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, July 7, 2017 3:34 AM
    Moderator