18.6.8.5 (L1) Ensure 'Enable remote mailslots' is set to 'Disabled'

Information

This policy setting controls whether the SMB client will use remote mailslots over the Multiple UNC Provider (MUP). The remote mailslots protocol is an old, simple, unreliable, and insecure inter-process communication method.

The recommended state for this setting is: Disabled

Remote mailslots is a legacy protocol that uses SMBv1 to function. This protocol is linked to known vulnerabilities, such as denial of service, buffer overflow, and remote code execution attacks.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Network\Lanman Workstation\Enable remote mailslots

Note: A reboot is required after the setting is applied.

Note #2: This Group Policy path may not exist by default. It is provided by the Group Policy template LanmanWorkstation.admx/adml that is included with the Microsoft Windows 11 Release 24H2 Administrative Templates (or newer).

Impact:

If the remote mailslots feature was in operation, it will no longer function.

See Also

https://workbench.cisecurity.org/benchmarks/22007

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: d0e891c91edf3275bb0aaca7b303a09680911ad3d6f11befd8e52a0e89b1b212