Have a Question?
< All Topics
Print

Fixes for Vulnerabilities Detected by Nessus Scanner

Refer to the summary of fixes for vulnerabilities detected by Nessus Scanner

133208 – VMware Tools 10.x < 11.0.0 Privilege Escalation (VMSA-2020-0002)

VMware Tools version 10.x is installed on Guest OS on ESXi 6.5 & 6.7 hosts, and you have to download VMware Tools version 11.x and install on individual Guest OS

42873 – SSL Medium Strength Cipher Suites Supported (SWEET32)

Disabled unsecure DES, 3DES & RC4 Ciphers in Registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:00000000

78447 – MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)

Disabled SSL 3.0 in Registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

104743 – TLS Version 1.0 Protocol Detection

Disabled TLS 1.0 in Registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

121010 – TLS Version 1.1 Protocol Detection

Disabled TLS 1.1 in Registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

Enabled TLS 1.2

Enabled TLS 1.2 in Registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

57582 – SSL Self-Signed Certificate

This is common vulnerability found on Windows Server with Remote Desktop enabled with self sign certificate

Refer to Replace RDP Default Self Sign Certificate to trusted Certificate with Microsoft Certificate Authority (CA)

Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre)

Download and install KB4346087: Intel microcode updates

Type 1 Font Parsing Remote Code Execution Vulnerability (ADV200006)

Fix with Registry

New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\windows NT\CurrentVersion\Windows' -Name 'DisableATMFD' -Value '00000001' -PropertyType 'Dword' -Force

Windows Speculative Execution Configuration Check

Fix with Registry

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'FeatureSettingsOverrideMask' `
-Value '0x00000003' -PropertyType 'Dword' -Force

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'FeatureSettingsOverride' `
-Value '0x00000048' -PropertyType 'Dword' -Force

134204 – MS15-124: Cumulative Security Update for Internet Explorer (CVE-2015-6161) (3125869)

Fix in Registry

#32 Bits
New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force

#64 Bits
New-Item -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING'
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force

104892 – Security Updates for Internet Explorer (June 2017)

Fix with Registry

#32 Bits 
New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl' -Name 'FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX'
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force
#64 Bits
New-Item -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX'
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX' `
-Name 'iexplore.exe' -Value '00000001' -PropertyType 'Dword' -Force
Table of Contents
Scroll to Top