
Azure Security Centre - "90213-Windows Registry Setting To Globally Prevent Socket Hijacking Missing" - Why does this only appear for Server 2016


I have approx. 10 Windows Server virtual machines in my Azure subscription, mostly Server 2019 with a handful of older Server 2016 VMs.

Azure Security Centre is reporting "90213-Windows Registry Setting To Globally Prevent Socket Hijacking Missing" as a vulnerability that should be remediated, but only for the Server 2016 machines.

There are none of the normal links to external information for the vulnerability from inside Azure Security Centre.

When I read up on the threat and remediation details, it states that:

As a solution, Microsoft provided the SO_EXCLUSIVEADDRUSE Option, a socket option to be used by sockets before binding, to prevent this issue. However, using the SO_EXCLUSIVEADDRUSE option may not be possible for administrators with server applications coded prior to this solution, or which are closed source binaries that can't be fixed to implement this. This socket option has been provided for all Windows versions starting from Windows NT 4.0 Service Pack 4 and onwards.

My question is, why is this vulnerability only showing for my Server 2016 machine, when none of the VMs in my subscription (Server 2016 or 2019) have the suggested workaround registry setting applied:

As a workaround, Microsoft provides a registry setting that will globally (system-wide) prevent all sockets from reusing any port that is already in use. This is done by setting to 1 the "DisableAddressSharing" value of the "HKLM\System\CurrentControlSet\Services\Afd\Parameters" key. (Reboot required for the setting to take effect).

Is there some change in Server 2019 that remediates this vulnerability, and if so why has it not been patched back onto Server 2016?

Any info would be greatly appreciated!
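An added example, not part of the original post: a PowerShell check that reports the OS version alongside the state of the "DisableAddressSharing" value quoted above, with an optional function to apply the workaround. The function names are hypothetical; the key and value names are the ones quoted in the question.

```powershell
# Added example: audit (and optionally apply) the DisableAddressSharing workaround.
# Function names are hypothetical; key and value names are those quoted in the post.
$AfdKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Afd\Parameters'
$ValueName = 'DisableAddressSharing'

function Get-AddressSharingState {
    # Report OS details next to the registry state so 2016 and 2019 hosts can be compared.
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $prop  = Get-ItemProperty -Path $AfdKey -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { $prop.$ValueName } else { $null }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $os.BuildNumber
        ValuePresent = ($null -ne $prop)
        Value        = $value
        WorkaroundOn = ($value -eq 1)
    }
}

function Enable-AddressSharingWorkaround {
    # Must run elevated; supports -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ((Get-AddressSharingState).WorkaroundOn) {
        Write-Verbose "$ValueName is already 1; nothing to do."
        return
    }
    if ($PSCmdlet.ShouldProcess("$AfdKey\$ValueName", 'Set DWORD to 1')) {
        if (-not (Test-Path -Path $AfdKey)) { New-Item -Path $AfdKey -Force | Out-Null }
        New-ItemProperty -Path $AfdKey -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Warning 'A reboot is required before the setting takes effect.'
    }
}

Get-AddressSharingState | Format-List
# Enable-AddressSharingWorkaround -WhatIf   # preview the change without writing
```

Running the audit function on one Server 2016 VM and one Server 2019 VM shows whether the registry state really is identical on both, which is the premise of the question.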
