Domain Without Computer-Hardening GPOs

Description

Microsoft places emphasis on maintaining backward compatibility in Active Directory infrastructure, which means that many hardening features are not enabled by default and must be turned on explicitly.

Solution

Enable hardening GPOs to protect at least privileged users, specifically by disabling obsolete protocols so that attackers cannot exploit them to elevate their privileges in Active Directory.
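The indicator itself is evaluated at the domain level (do hardening GPOs exist and apply to computers). The complementary check a defender wants is whether those settings actually landed on a domain-joined host. The PowerShell below is an added example, not part of the Tenable indicator page or its product: it reads the registry values that a computer-hardening GPO is expected to enforce for the topics the references cover (SMB1, null sessions, NTLM session security, UNC hardened paths for MS15-011) and reports each as Compliant, NonCompliant or NotConfigured. The baseline values are an assumption chosen for this example, not values stated on the page; adjust them to your own policy before relying on the result.

```powershell
# Added example (not from the original indicator page). Audits, on the local
# domain-joined computer, registry-backed settings a computer-hardening GPO
# typically enforces. The expected values are an ASSUMED baseline for this
# example; align them with your own security baseline before use.

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Get-Item + GetValue reads the value name literally (no wildcard expansion),
    # which matters for value names such as '\\*\SYSVOL'.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name)   # $null when the value does not exist
}

function Test-HardeningBaseline {
    $lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $srv  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $hard = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

    # Each check: display name, registry location, and a test over the raw value.
    $checks = @(
        @{ Name = 'SMB1 server protocol disabled'; Path = $srv; Value = 'SMB1'
           Test = { param($v) $v -eq 0 } },
        @{ Name = 'SMB server signing required'; Path = $srv; Value = 'RequireSecuritySignature'
           Test = { param($v) $v -eq 1 } },
        @{ Name = 'Anonymous SAM/share enumeration blocked (null sessions)'; Path = $lsa; Value = 'RestrictAnonymous'
           Test = { param($v) $v -ge 1 } },
        @{ Name = 'Anonymous SAM enumeration blocked'; Path = $lsa; Value = 'RestrictAnonymousSAM'
           Test = { param($v) $v -eq 1 } },
        @{ Name = 'LmCompatibilityLevel: NTLMv2 only, refuse LM and NTLM'; Path = $lsa; Value = 'LmCompatibilityLevel'
           Test = { param($v) $v -eq 5 } },
        # 0x20000000 = require 128-bit encryption, 0x00080000 = require NTLMv2
        # session security ([MS-NLMP] session security flags); both bits must be set.
        @{ Name = 'NTLM minimum client session security'; Path = $msv; Value = 'NtlmMinClientSec'
           Test = { param($v) ($v -band 0x20080000) -eq 0x20080000 } },
        @{ Name = 'NTLM minimum server session security'; Path = $msv; Value = 'NtlmMinServerSec'
           Test = { param($v) ($v -band 0x20080000) -eq 0x20080000 } },
        # UNC hardened path for SYSVOL: the client-side mitigation for MS15-011.
        @{ Name = 'UNC hardened path for \\*\SYSVOL'; Path = $hard; Value = '\\*\SYSVOL'
           Test = { param($v) ($v -match 'RequireMutualAuthentication=1') -and ($v -match 'RequireIntegrity=1') } }
    )

    foreach ($c in $checks) {
        $raw = Get-RegistryValueOrNull -Path $c.Path -Name $c.Value
        $state = if ($null -eq $raw) { 'NotConfigured' }
                 elseif (& $c.Test $raw) { 'Compliant' }
                 else { 'NonCompliant' }
        [pscustomobject]@{
            Setting = $c.Name
            Key     = $c.Path
            Value   = $c.Value
            Data    = $raw
            State   = $state
        }
    }
}

Test-HardeningBaseline | Format-Table -AutoSize
```

Run it in an elevated session on a member server or workstation after `gpupdate /force`. A row reporting NotConfigured means no GPO set the value and the operating-system default applies; for SMB1 on older Windows versions that default is "enabled", so NotConfigured is not the same as safe. Rows reporting NonCompliant on a host that should be in scope of the hardening GPO point to a linking, filtering or inheritance problem worth investigating with `gpresult /h`.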

See Also

A new look at null sessions and user enumeration

MS15-011 - Microsoft Windows Group Policy real exploitation via a SMB MiTM attack

[MS-NLMP] Session Security Details

MS09-001: Vulnerabilities in SMB could allow remote code execution

Stop using SMB1

Indicator Details

Name: Domain Without Computer-Hardening GPOs

Codename: C-GPO-HARDENING

Severity: Medium

MITRE ATT&CK Information:

Tactics: TA0001

Attacker Known Tools

Unknown: WannaCry