Insecure Guest Logons Enabled (CIS LEVEL 1)

Created: 2022/11/17 | Revised: 2022/11/17

SYXSCORE

Severity (a level of a security risk associated with a vulnerability exploitation): INFO
CVSS (indication of a severity level of each CVE): N/A
Countermeasure (availability of measures to reduce a probability of an attack or an impact of a threat): No
Public Aware (availability of a public announcement of a vulnerability): Yes
Weaponized (vulnerability being abused by exploit or malware): No

Overview

The recommended state for the 'Enable insecure guest logons' policy setting is 'Disabled'.

Description

This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.

The Server Message Block (SMB) protocol provides the basis for file and print sharing and many other networking operations.

Impact

Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers.

Clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network.

Solution

To configure the policy as recommended, follow the steps below (choose one of the suggested ways):

Fix using Syxsense Console

This vulnerability can be automatically fixed within the Syxsense console.

See the example of a Syxsense Cortex Workflow implementation.

Using Local Group Policy Editor

  • Press the Windows+R keys, type 'gpedit.msc' and press OK
  • Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Lanman Workstation
  • In the right pane, double-click the 'Enable insecure guest logons' policy setting
  • Choose 'Disabled'
  • Click 'OK'

This Group Policy path may not exist by default. It is provided by the Group Policy template LanmanWorkstation.admx/adml that is included with the Microsoft Windows 10 Release 1511 Administrative Templates (or newer).

Follow the link for download: Administrative Templates (.admx) for Windows 10 November 2021 Update [21H2]
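Checking and setting the same policy from PowerShell

The script below is an added example, not Syxsense or CIS code. It audits the setting that the Group Policy steps above configure and, with -Remediate, writes the 'Disabled' state. The registry locations and the AllowInsecureGuestAuth value name are the ones Windows uses for this setting and are not given on this page; the function names are illustrative.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param([switch]$Remediate)

$ValueName = 'AllowInsecureGuestAuth'
# Key written by the 'Enable insecure guest logons' Group Policy setting.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
# Local SMB client parameter (non-policy location for the same value).
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Get-GuestAuthValue([string]$Path) {
    # $null means the key or value is absent ("Not Configured").
    $p = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    [int]$p.$ValueName
}

function Get-InsecureGuestLogonState {
    $policy = Get-GuestAuthValue $PolicyKey
    $local  = Get-GuestAuthValue $LocalKey
    [pscustomobject]@{
        PolicyValue       = $policy
        LocalValue        = $local
        # The recommended state is an explicit 'Disabled' (0) in policy;
        # "Not Configured" does not satisfy the check.
        Compliant         = ($policy -eq 0)
        # A 1 in either location means guest logons were switched on.
        ExplicitlyEnabled = ($policy -eq 1) -or ($local -eq 1)
    }
}

$state = Get-InsecureGuestLogonState

if ($Remediate -and -not $state.Compliant) {
    # Create the policy key if the template has never been applied.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -Value 0 `
        -PropertyType DWord -Force | Out-Null
    $state = Get-InsecureGuestLogonState
}

$state | Format-List
```

On domain-joined machines a domain GPO that configures this setting will overwrite a value written locally, so fix the GPO itself in that case.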


©2024 by Syxsense Inc. All Rights Reserved
