Detections
Analytics

1.234 WN22-SO-000270

Information

Windows Server 2022 must prevent NTLM from falling back to a Null session.

GROUP ID: V-254471
RULE ID: SV-254471r991589

NTLM sessions that are allowed to fall back to Null (unauthenticated) sessions may gain unauthorized access.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Network security: Allow LocalSystem NULL session fallback to 'Disabled'

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-254471r991589_rule, STIG-ID|WN22-SO-000270, Vuln-ID|V-254471

Plugin: Windows

Control ID: 6c1081b576029f65fcc864d6e47d7568df1651b95e53636608284609874ed715