{"id":6618,"date":"2020-03-24T15:28:26","date_gmt":"2020-03-24T19:28:26","guid":{"rendered":"https:\/\/kevinjustin.com\/blog\/?p=6618"},"modified":"2020-04-08T13:10:11","modified_gmt":"2020-04-08T17:10:11","slug":"windows-server-2016-vuln-found-in-security-scans","status":"publish","type":"post","link":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/","title":{"rendered":"Windows Server 2016 vuln found in Security scans"},"content":{"rendered":"

\"\"<\/a><\/p>\n

FYI – came across this today with a customer where Security scans SCOM servers.<\/p>\n

 <\/p>\n

Please note this is NOT a SCOM issue or vulnerability, and SCOM uses TLS1.2 just fine.<\/span><\/p>\n

 <\/p>\n

Found CVE-2017-8529 vulnerability on a SCOM server, so though this a good idea to communicate to the larger audience, in case Security finds vulnerabilities, based on customer 2016 server hardening.<\/p>\n

CVE-2017-8529 details:<\/strong><\/p>\n

The remote Windows host is missing security update KB4022715 or a Registry key to prevent the host against CVE-2017-8529. It is, therefore, affected by an information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user’s computer.<\/p>\n

The easiest way I found to update the server was via these two registry keys (32 bit and 64bit keys below)<\/p>\n

# KB4022715
\n# Add registry key
\nreg add “HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX” \/v “iexplore.exe” \/t REG_DWORD \/d 0 \/f<\/span>
\nreg add “HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX” \/v “iexplore.exe” \/t REG_DWORD \/d 0 \/f<\/span><\/p>\n

References<\/p>\n

https:\/\/community.tenable.com\/s\/article\/CVE-2017-8529-Plugins-returning-in-scan-results-Not-a-false-positive<\/a><\/p>\n

https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-8529<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

FYI – came across this today with a customer where Security scans SCOM servers.   Please note this is NOT a SCOM issue or vulnerability, and SCOM uses TLS1.2 just fine.   Found CVE-2017-8529 vulnerability on a SCOM server, so though this a good idea to communicate to the larger audience, in case Security finds … Continue reading “Windows Server 2016 vuln found in Security scans”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,502],"tags":[506,507,328,349,505,504,503],"class_list":["post-6618","post","type-post","status-publish","format-standard","hentry","category-administration","category-security","tag-cve-2017-8529","tag-regedit","tag-registry-key","tag-scom-2016","tag-scom2019","tag-server-2016","tag-windows-2016"],"yoast_head":"\nWindows Server 2016 vuln found in Security scans - Kevin Justin's Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows Server 2016 vuln found in Security scans - Kevin Justin's Blog\" \/>\n<meta property=\"og:description\" content=\"FYI – came across this today with a customer where Security scans SCOM servers.   Please note this is NOT a SCOM issue or vulnerability, and SCOM uses TLS1.2 just fine.   Found CVE-2017-8529 vulnerability on a SCOM server, so though this a good idea to communicate to the larger audience, in case Security finds … Continue reading "Windows Server 2016 vuln found in Security scans"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/\" \/>\n<meta property=\"og:site_name\" content=\"Kevin Justin's Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-24T19:28:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-08T17:10:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2020\/03\/BlackPadlock-1-300x300.jpg\" \/>\n<meta name=\"author\" content=\"WordPress Administrator\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WordPress Administrator\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/\"},\"author\":{\"name\":\"WordPress Administrator\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"headline\":\"Windows Server 2016 vuln found in Security scans\",\"datePublished\":\"2020-03-24T19:28:26+00:00\",\"dateModified\":\"2020-04-08T17:10:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/\"},\"wordCount\":234,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/BlackPadlock-1-300x300.jpg\",\"keywords\":[\"CVE-2017-8529\",\"regedit\",\"registry key\",\"scom 2016\",\"scom2019\",\"server 2016\",\"windows 2016\"],\"articleSection\":[\"Administration\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/\",\"name\":\"Windows Server 2016 vuln found in Security scans - Kevin Justin's Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/BlackPadlock-1-300x300.jpg\",\"datePublished\":\"2020-03-24T19:28:26+00:00\",\"dateModified\":\"2020-04-08T17:10:11+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/BlackPadlock-1.jpg\",\"contentUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/BlackPadlock-1.jpg\",\"width\":474,\"height\":474},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2020\\\/03\\\/24\\\/windows-server-2016-vuln-found-in-security-scans\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows Server 2016 vuln found in Security scans\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\",\"name\":\"Kevin Justin's Blog\",\"description\":\"Operational monitoring tools including System Center, Azure Monitor\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\",\"name\":\"WordPress Administrator\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"caption\":\"WordPress Administrator\"},\"sameAs\":[\"https:\\\/\\\/kevinjustin.com\"],\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/author\\\/wordpress_admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows Server 2016 vuln found in Security scans - Kevin Justin's Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/","og_locale":"en_US","og_type":"article","og_title":"Windows Server 2016 vuln found in Security scans - Kevin Justin's Blog","og_description":"FYI – came across this today with a customer where Security scans SCOM servers.   Please note this is NOT a SCOM issue or vulnerability, and SCOM uses TLS1.2 just fine.   Found CVE-2017-8529 vulnerability on a SCOM server, so though this a good idea to communicate to the larger audience, in case Security finds … Continue reading \"Windows Server 2016 vuln found in Security scans\"","og_url":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/","og_site_name":"Kevin Justin's Blog","article_published_time":"2020-03-24T19:28:26+00:00","article_modified_time":"2020-04-08T17:10:11+00:00","og_image":[{"url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2020\/03\/BlackPadlock-1-300x300.jpg","type":"","width":"","height":""}],"author":"WordPress Administrator","twitter_card":"summary_large_image","twitter_misc":{"Written by":"WordPress Administrator","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#article","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/"},"author":{"name":"WordPress Administrator","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"headline":"Windows Server 2016 vuln found in Security scans","datePublished":"2020-03-24T19:28:26+00:00","dateModified":"2020-04-08T17:10:11+00:00","mainEntityOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/"},"wordCount":234,"commentCount":0,"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2020\/03\/BlackPadlock-1-300x300.jpg","keywords":["CVE-2017-8529","regedit","registry key","scom 2016","scom2019","server 2016","windows 2016"],"articleSection":["Administration","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/","url":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/","name":"Windows Server 2016 vuln found in Security scans - Kevin Justin's Blog","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#primaryimage"},"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2020\/03\/BlackPadlock-1-300x300.jpg","datePublished":"2020-03-24T19:28:26+00:00","dateModified":"2020-04-08T17:10:11+00:00","author":{"@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"breadcrumb":{"@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#primaryimage","url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2020\/03\/BlackPadlock-1.jpg","contentUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2020\/03\/BlackPadlock-1.jpg","width":474,"height":474},{"@type":"BreadcrumbList","@id":"https:\/\/kevinjustin.com\/blog\/2020\/03\/24\/windows-server-2016-vuln-found-in-security-scans\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kevinjustin.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Windows Server 2016 vuln found in Security scans"}]},{"@type":"WebSite","@id":"https:\/\/kevinjustin.com\/blog\/#website","url":"https:\/\/kevinjustin.com\/blog\/","name":"Kevin Justin's Blog","description":"Operational monitoring tools including System Center, Azure Monitor","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kevinjustin.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508","name":"WordPress Administrator","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","caption":"WordPress Administrator"},"sameAs":["https:\/\/kevinjustin.com"],"url":"https:\/\/kevinjustin.com\/blog\/author\/wordpress_admin\/"}]}},"_links":{"self":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/6618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/comments?post=6618"}],"version-history":[{"count":1,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/6618\/revisions"}],"predecessor-version":[{"id":6620,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/6618\/revisions\/6620"}],"wp:attachment":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/media?parent=6618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/categories?post=6618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/tags?post=6618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}