18.7.8 Ensure 'Configure RPC packet level privacy setting for incoming connections' is set to 'Enabled'

Information

This policy setting controls packet level privacy for Remote Procedure Call (RPC) incoming connections.

The recommended state for this setting is: Enabled.

A security bypass vulnerability (CVE-2021-1678 | Windows Print Spooler Spoofing Vulnerability, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1678) exists in the way the Printer RPC binding handles authentication for the remote Winspool interface. Enabling the RPC packet level privacy setting for incoming connections forces the server side to raise the authentication level, which reduces exposure to this vulnerability.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\MS Security Guide\Configure RPC packet level privacy setting for incoming connections

Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:

None - this is default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/25733

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: f208159d442ca4cd016ca784f571e04573224e38ace3171453ed59723d12c858