Windows LSA Protection Status

Nessus Plugin ID 159929

Synopsis

Windows LSA Protection is disabled on the remote Windows host.

Description

The Local Security Authority (LSA) validates users for local and remote sign-ins and enforces local security policies. LSA Protection prevents non-protected processes from reading LSA memory or injecting code into it. This provides added security for the credentials that the LSA stores and manages, and protects against Pass-the-Hash or Mimikatz-style attacks.

Solution

Enable LSA Protection per your corporate security guidelines.
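
To confirm this finding on a host before and after remediation, the following read-only PowerShell check is an added example, not the plugin's own code. It assumes the standard RunAsPPL value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa and the System-log event 12 that Windows writes when LSASS starts as a protected process; the function name Get-LsaProtectionStatus is hypothetical.

```powershell
# Added example: audit LSA Protection on the local host. Read-only, run elevated.
function Get-LsaProtectionStatus {
    [CmdletBinding()]
    param()

    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # Configured state: the RunAsPPL DWORD. A missing value means "not configured".
    $prop  = Get-ItemProperty -Path $lsaKey -Name 'RunAsPPL' -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.RunAsPPL } else { $null }

    if     ($null -eq $value) { $configured = 'Not configured' }
    elseif ($value -eq 0)     { $configured = 'Disabled' }
    elseif ($value -eq 1)     { $configured = 'Enabled (UEFI variable set on Secure Boot systems)' }
    elseif ($value -eq 2)     { $configured = 'Enabled without UEFI variable (Windows 11 22H2 and later)' }
    else                      { $configured = "Unexpected value: $value" }

    # Effective state: the registry value only applies after a reboot, so look for the
    # most recent event 12 that mentions LSASS. Filtering on the message text keeps
    # unrelated ID 12 events from other providers out of the result.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'LSASS' } |
        Select-Object -First 1

    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RunAsPPL            = $value
        Configured          = $configured
        LastBoot            = $boot
        ProtectedStartEvent = if ($evt) { $evt.TimeCreated } else { $null }
        EventMessage        = if ($evt) { $evt.Message } else { $null }
    }
}

Get-LsaProtectionStatus | Format-List
```

A host is protected in practice only when Configured reports an enabled state and ProtectedStartEvent falls at or after LastBoot; an enabled value with no matching event since boot means the setting has not taken effect yet.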

Plugin Details

Severity: Info

ID: 159929

File Name: lsa_protection_status.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 4/20/2022

Updated: 5/25/2022

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated