joshcybertest/programmatic-vulnerability-remediations

Programmatic Vulnerability Remediations

Remediations Table

| Tenable PluginID | CVE | Description | Language | Link |
|---|---|---|---|---|
| N/A | N/A | Windows OS Updates - Re-enable Automatic Updates | Shell | View Remediation |
| N/A | N/A | Guest Account Group Membership - Remove from Administrators & Disable | Shell | View Remediation |
| 56710 | N/A | Wireshark / Ethereal Unsupported Version Detection - Force Remove | PowerShell | View Remediation |
| 57608 | N/A | SMB Signing Not Required - Re-enable SMB Signing | PowerShell | View Remediation |
| 58453 | N/A | Terminal Services Doesn't Use Network Level Authentication (NLA) Only | PowerShell | View Remediation |
| 63478 | N/A | Microsoft Windows LM / NTLMv1 Authentication Enabled | Shell | View Remediation |

Remediation Commands

1. Windows OS Updates - Re-enable Automatic Updates

Run in Command Prompt (Admin):

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v ScheduledInstallDay /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f

Verify with:

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"

2. Guest Account Group Membership - Remove from Administrators & Disable

Run in Command Prompt (Admin) one at a time:

net localgroup Administrators Guest /delete
net user Guest /active:no

3. Wireshark / WinPcap - Force Remove

PowerShell script: wireshark-winpcap-force-remove.ps1

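Run directly as Administrator. The command downloads the script from the kenbananola/ken-remediation-scripts repository into the TEMP directory and runs it with the execution policy bypassed: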

Invoke-WebRequest -Uri "https://raw.githubusercontent.com/kenbananola/ken-remediation-scripts/main/wireshark-winpcap-force-remove.ps1" -OutFile "$env:TEMP\wireshark-remove.ps1"; PowerShell -ExecutionPolicy Bypass -File "$env:TEMP\wireshark-remove.ps1"

4. SMB Signing - Re-enable

Run in PowerShell (Admin):

Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force

Verify with:

Get-SmbServerConfiguration | Select RequireSecuritySignature, EnableSecuritySignature

Both values should return True.


5. RDP Network Level Authentication - Re-enable NLA

Run in PowerShell (Admin):

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 1 -Force

Verify with:

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication"

UserAuthentication should return 1.


6. Weak LAN Manager Authentication Level - Restore to Secure Default

Run in Command Prompt (Admin):

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LmCompatibilityLevel /t REG_DWORD /d 5 /f

Verify with:

reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LmCompatibilityLevel

It should return 0x5.
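
The per-item "Verify with" steps above can be combined into one read-only audit. The script below is an added example, not part of this repository; the `Get-RegValue` helper and the check labels are names introduced here, and remediation 3 is left out because it is an uninstall rather than a setting.

```powershell
# Added example, not from the repository: read-only audit of remediations 1, 2, 4, 5, 6.
# Run in an elevated PowerShell 5.1+ session on the remediated host.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null (instead of throwing) when the key or value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$au  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Well-known SIDs are used so the checks work on renamed or localized accounts:
# the built-in Guest account ends in RID 501, Administrators is S-1-5-32-544.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$guestInAdmins = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Where-Object { $_.SID.Value -eq $guest.SID.Value })

$smb = Get-SmbServerConfiguration

# A missing registry value counts as FAIL because the remediations set each one explicitly.
$checks = [ordered]@{
    '1. NoAutoUpdate = 0'                 = (Get-RegValue $au 'NoAutoUpdate') -eq 0
    '1. AUOptions = 4'                    = (Get-RegValue $au 'AUOptions') -eq 4
    '1. ScheduledInstallDay = 0'          = (Get-RegValue $au 'ScheduledInstallDay') -eq 0
    '2. Guest not in Administrators'      = -not $guestInAdmins
    '2. Guest account disabled'           = -not $guest.Enabled
    '4. SMB RequireSecuritySignature'     = $smb.RequireSecuritySignature -eq $true
    '4. SMB EnableSecuritySignature'      = $smb.EnableSecuritySignature -eq $true
    '5. RDP UserAuthentication = 1 (NLA)' = (Get-RegValue $rdp 'UserAuthentication') -eq 1
    '6. LmCompatibilityLevel = 5'         = (Get-RegValue $lsa 'LmCompatibilityLevel') -eq 5
}

# Emit one PASS/FAIL row per setting, in the same order as the remediation list.
$results = foreach ($c in $checks.GetEnumerator()) {
    [pscustomobject]@{
        Check  = $c.Key
        Status = $(if ($c.Value) { 'PASS' } else { 'FAIL' })
    }
}
$results | Format-Table -AutoSize
```

Any FAIL row points back to the numbered remediation with the same prefix.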
