| VID |
27074 |
| Severity |
30 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
The terminal service for managing remote server may use for hacking tool if you use vulnerable password or don't set access control properly. So you should check this service.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
[Windows Server 2003]
1. Start> Run> TSCC.MSC> Select a service> Properties
2. General Tab> Set encryption level of "Security" ¡æ Client compatibility for(Windows 2003), more than mid(Windows 2000)
¡Ø Additional countermeasures if terminal service is required
1. Don't Allow terminal connection of General Users except administrators.
2. Allow administrator's IP only to use terminal service port(3389) at firewall
[Windows Server 2008]
1. Start> Administrative Tools> Terminal Service> Terminal Service Configurations> RDP-Tcp Properties
2. General Tab> Set encryption level of "Security" ¡æ Client compatibility for(Windows 2003), more than mid(Windows 2000)
¡Ø Additional countermeasures if terminal service is required
1. Don't allow terminal connection of General Users except Administrators.
2. Allow Administrator's IP only to use terminal service port(3389) at firewall
[Windows Server 2012, 2016, 2019]
1. Run> gpedit.msc
2. Local Computer Policy -> Computer Configuration -> Windows Components -> Terminal Services -> Remote Desktop Top Session Host -> Security
3. Set Client Connection Encryption Level ¡æ Client Compatibility Abnormal Set encryption level |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
