SusanBradley (0)

SusanBradley's Contributions (3)

5

From the SANS ISC:
https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/

Highlight
    Do not disable IPv6 entirely unless you want to break Windows in interesting ways.
    This can only be exploited from the local subnet.
    But it may lead to remote code execution / BSOD.
    PoC exploit is easy, but actual RCE is hard.

3

From https://www.microsoft.com/security/blog/2020/10/07/best-practices-for-defending-azure-virtual-machines/:

“If you are already allowing RDP access to your Azure VMs from the internet, you should check the configuration of your Network Security Groups. Find any rule that is publishing RDP and look to see if the Source IP Address is a wildcard (*). If that is the case, you should be concerned, and it’s quite possible that the VM could be under brute force attack right now.”

As a mitigation for on-prem servers, you can use duo.com (a vendor that provides two-factor for RDP connections) to protect RDP and the built-in Microsoft firewall to limit access to certain IP addresses.
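
The Network Security Group check described in the quoted guidance, as an added example (not part of the original post and not Microsoft's code). It assumes the flattened rule fields printed by `az network nsg list -o json`; the sample NSG and the helper names are constructed for illustration.

```python
# Constructed sample, shaped like the JSON from `az network nsg list -o json`
# (field names are an assumption about that flattened output).
SAMPLE_NSGS = [{"name": "web-nsg", "securityRules": [
    {"name": "AllowRDPAny", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "AllowRDPOffice", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "AllowMgmtRange", "direction": "Inbound", "access": "Allow", "protocol": "*",
     "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["22", "3380-3390"]},
    {"name": "DenyRDP", "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]}]

# Source values that mean "anyone on the internet" in an NSG rule.
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}

def covers_port(spec, port=3389):
    """True if a port spec ('*', '3389', '3000-4000') includes the port."""
    spec = str(spec).strip()
    if spec == "*":
        return True
    if "-" in spec:
        low, high = spec.split("-", 1)
        return int(low) <= port <= int(high)
    return spec.isdigit() and int(spec) == port

def _values(rule, single, plural):
    """Merge the singular and plural form of a rule field into one list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values

def exposed_rdp_rules(nsgs, port=3389):
    """Return (nsg, rule) names of inbound Allow rules publishing RDP to any source."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
                continue
            if (rule.get("protocol") or "*").lower() not in ("tcp", "*"):
                continue
            ports = _values(rule, "destinationPortRange", "destinationPortRanges")
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if any(covers_port(p, port) for p in ports) and \
               any(s.lower() in ANY_SOURCE for s in sources):
                findings.append((nsg.get("name"), rule.get("name")))
    return findings

if __name__ == "__main__":
    for nsg_name, rule_name in exposed_rdp_rules(SAMPLE_NSGS):
        print(f"{nsg_name}: rule {rule_name} allows RDP from any source")
```

The check looks at each rule in isolation and does not evaluate rule priority, so a flagged rule may still be shadowed by a higher-priority deny.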

6