Have a Question?
Fixes for Vulnerabilities Detected by Nessus Scanner
Refer to the summary of fixes for vulnerabilities detected by Nessus Scanner
133208 – VMware Tools 10.x < 11.0.0 Privilege Escalation (VMSA-2020-0002)
VMware Tools version 10.x is installed on Guest OS on ESXi 6.5 & 6.7 hosts, and you have to download VMware Tools version 11.x and install on individual Guest OS
42873 – SSL Medium Strength Cipher Suites Supported (SWEET32)
Disabled unsecure DES, 3DES & RC4 Ciphers in Registry
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:00000000
78447 – MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
Disabled SSL 3.0 in Registry
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
104743 – TLS Version 1.0 Protocol Detection
Disabled TLS 1.0 in Registry
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
121010 – TLS Version 1.1 Protocol Detection
Disabled TLS 1.1 in Registry
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
Enabled TLS 1.2
Enabled TLS 1.2 in Registry
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
57582 – SSL Self-Signed Certificate
This is common vulnerability found on Windows Server with Remote Desktop enabled with self sign certificate
Refer to Replace RDP Default Self Sign Certificate to trusted Certificate with Microsoft Certificate Authority (CA)
Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre)
Download and install KB4346087: Intel microcode updates
Type 1 Font Parsing Remote Code Execution Vulnerability (ADV200006)
Fix with Registry
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\windows NT\CurrentVersion\Windows' -Name 'DisableATMFD' -Value '00000001' -PropertyType 'Dword' -Force
Windows Speculative Execution Configuration Check
Fix with Registry
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'FeatureSettingsOverrideMask' `
-Value '0x00000003' -PropertyType 'Dword' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'FeatureSettingsOverride' `
-Value '0x00000048' -PropertyType 'Dword' -Force
134204 – MS15-124: Cumulative Security Update for Internet Explorer (CVE-2015-6161) (3125869)
Fix in Registry
#32 Bits
New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force
#64 Bits
New-Item -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING'
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force
104892 – Security Updates for Internet Explorer (June 2017)
Fix with Registry
#32 Bits
New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl' -Name 'FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force
#64 Bits
New-Item -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX'
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force