detection

Reinforce the GPO domain without computer

medium

Language:

describe

Microsoft emphasized in the Active Directory infrastructure to maintain backward compatibility, which means it cannot enable all reinforcement function.

The solution

Enable reinforce the GPO to at least protect privileged users, the specific method is to disable the outdated agreement, to prevent the attacker using these protocols to raise its privileges on the Active Directory.

See also

[MS - NLMP) Session Security Details

MS09-001: Vulnerabilities in SMB could allow remote code execution

Stop using SMB1

"< : rm > [MS - NLMP) Session Security Details" < : rm >

Detailed information

The name of the:Reinforce the GPO domain without computer

Code name:C - GPO - HARDENING

severity:Medium

MITRE ATT&CK information:

Strategy:TA0001

The attacker known tool

Unknown:WannaCry

Baidu
map