| VID |
28370 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Remote support / remote desktop connection to remote Windows server is allowed. The service is a useful tool for managing a remote server, but it can be exploited as a tool of hacking if a weak password or access control is not set appropriately. Therefore, the service should be checked for unnecessary use.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
[Control Panel / System and Security / System / Allow Remote Access / Remote]: [Remote Assistance] [Remote Desktop] Check value. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
