The RC4 cipher, the target of a 13-year-old exploit, is enabled by default on Server 2012 R2. If you have an IIS server with a digital certificate facing the Internet, it's recommended that you disable the RC4 cipher.
There are numerous security concerns documented on the Internet about this vulnerability including:
https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/
http://www.securityweek.com/new-attack-rc4-based-ssltls-leverages-13-year-old-vulnerability
To disable RC4, add the following to the registry on your Server 2012 R2 operating system:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
This was put in place on a customer's RDS Gateway and Web Access server after conducting a penetration test and finding this vulnerability enabled by default.
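To confirm the three RC4 keys listed above are actually in place on a server, the following PowerShell script reports their state and, with -Apply, writes the same values as the .reg file. It is an added example, not part of the original post; the function name Get-Rc4State and the -Apply switch are hypothetical names chosen for illustration.

```powershell
# Added example: audit (and optionally set) the SCHANNEL RC4 keys from the .reg file above.
# Run from an elevated prompt. The key names contain '/', which the PowerShell registry
# provider treats as a path separator, so the .NET registry API is used instead of New-Item.
param([switch]$Apply)

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$rc4Keys     = 'RC4 128/128', 'RC4 40/128', 'RC4 56/128'

function Get-Rc4State {
    param([string]$Name)
    # Read-only open; returns $null when the subkey does not exist.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$ciphersPath\$Name")
    if ($null -eq $key) { return 'key missing (OS default applies)' }
    try {
        $value = $key.GetValue('Enabled')
        if ($null -eq $value) { return 'Enabled value missing (OS default applies)' }
        if ($value -eq 0)     { return 'disabled' }
        return ('enabled (0x{0:X8})' -f $value)
    } finally { $key.Close() }
}

if ($Apply) {
    # CreateSubKey opens the key writable, creating it if needed, and keeps '/' literal.
    $ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
    try {
        foreach ($name in $rc4Keys) {
            $sub = $ciphers.CreateSubKey($name)
            try { $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord) }
            finally { $sub.Close() }
        }
    } finally { $ciphers.Close() }
}

# Report one row per RC4 key so the result can be reviewed or exported.
foreach ($name in $rc4Keys) {
    [pscustomobject]@{ Cipher = $name; State = Get-Rc4State -Name $name }
}
```

Every row should read "disabled" once the change is in place; any other state means RC4 is still governed by the operating system default.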