I have approx. 10 Windows Server virtual machines in my Azure subscription, mostly Server 2019 with a handful of older Server 2016 VMs.
Azure Security Centre is reporting "90213-Windows Registry Setting To Globally Prevent Socket Hijacking Missing" as a vulnerability that should be remediated, but only for the Server 2016 machines.
There are none of the normal links to external information for the vulnerability from inside Azure Security Centre.
When I read up on the threat and remediation details, it states that:
As a solution, Microsoft provided the SO_EXCLUSIVEADDRUSE Option, a socket option to be used by sockets before binding, to prevent this issue. However, using the SO_EXCLUSIVEADDRUSE option may not be possible for administrators with server applications coded prior to this solution, or which are closed source binaries that can't be fixed to implement this. This socket option has been provided for all Windows versions starting from Windows NT 4.0 Service Pack 4 and onwards.
My question is, why is this vulnerability only showing for my Server 2016 machine, when none of the VMs in my subscription (Server 2016 or 2019) have the suggested workaround registry setting applied:
As a workaround, Microsoft provides a registry setting that will globally (system-wide) prevent all sockets from reusing any port that is already in use. This is done by setting to 1 the "DisableAddressSharing" value of the "HKLM\System\CurrentControlSet\Services\Afd\Parameters" key. (Reboot required for the setting to take effect).
Is there some change in Server 2019 that remediates this vulnerability, and if so why has it not been patched back onto Server 2016?
Any info would be greatly appreciated!
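The finding itself boils down to one registry value, so a quick way to see what the scanner is seeing is to read that value from every VM yourself rather than trusting one dashboard. The script below is an added example, not part of the original question and not Microsoft's or Azure's own tooling. It assumes PowerShell remoting (WinRM) is enabled on the target servers, that the caller is a local administrator on them, and that the computer names are placeholders for your own.

```powershell
# Added example (not from the original question): audit, and optionally apply,
# the AFD "DisableAddressSharing" value that the Security Center finding refers to.
# Assumes WinRM is enabled on the target VMs and the caller has local admin rights.
# Computer names used at the bottom are placeholders.

$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Afd\Parameters'
$RegName = 'DisableAddressSharing'

# Runs on each server and returns one compliance record per machine.
$AuditBlock = {
    param($Path, $Name)
    $os  = (Get-CimInstance Win32_OperatingSystem).Caption
    $val = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        OS        = $os
        Value     = if ($null -eq $val) { '<not set>' } else { $val }
        Compliant = ($val -eq 1)   # the documented workaround is DWORD 1
    }
}

function Get-AddressSharingStatus {
    # Report the current value on the local machine and/or remote servers.
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($c in $ComputerName) {
        if ($c -eq $env:COMPUTERNAME) {
            & $AuditBlock $RegPath $RegName
        } else {
            Invoke-Command -ComputerName $c -ScriptBlock $AuditBlock -ArgumentList $RegPath, $RegName
        }
    }
}

function Set-AddressSharingDisabled {
    # Apply the workaround quoted in the finding: DisableAddressSharing = 1 (REG_DWORD).
    # A reboot is required before the setting takes effect.
    param([string[]]$ComputerName)
    $fix = {
        param($Path, $Name)
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
    }
    foreach ($c in $ComputerName) {
        Invoke-Command -ComputerName $c -ScriptBlock $fix -ArgumentList $RegPath, $RegName
    }
}

# Usage: report only. Placeholder names; replace with the VMs in your subscription.
Get-AddressSharingStatus -ComputerName 'srv2016-01', 'srv2016-02', 'srv2019-01' |
    Format-Table Computer, OS, Value, Compliant -AutoSize
```

Run the report first across both the 2016 and 2019 VMs: if the value is absent everywhere, the difference in what Security Center flags is not coming from this key, which is useful evidence when raising the question with support. Because the setting is system-wide, it stops every socket on the box from reusing a port already in use, so apply `Set-AddressSharingDisabled` to one non-production VM, reboot it, and confirm your server applications still bind correctly before rolling it out.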