26cbf73b-1296-4dfa-bad1-8d0d4c9a2954
Configuring the system to ignore name release requests, except from WINS servers, prevents a denial of service (DoS) attack. The DoS consists of sending a NetBIOS name release request to the server for each entry in the server's cache, causing a response delay in the normal operation of the server's WINS resolution capability.
To fix this configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MSS (Legacy)
|_ MSS: (NoNameReleaseOnDemand)
|_ Allow the computer to ignore NetBIOS name release requests except from WINS servers to "Enabled".
This policy setting requires the installation of the MSS-Legacy custom template.
"MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
Files are available at EventSentry GitHub Repository at: https://github.com/eventsentry/resources
STIG: Server
2022: https://system32.eventsentry.com/stig/viewer/V-254338
2019: https://system32.eventsentry.com/stig/viewer/V-205819
2016: https://system32.eventsentry.com/stig/viewer/V-224919
Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253356
W10: https://system32.eventsentry.com/stig/viewer/V-220798
NIST 800-53 : CM-6, CM-7, SC-5
NIST 800-171: 3.4.6, 3.13.1
CMMC v2.0 L2: CM.L2-3.4.6, SC.L2-3.13.1
PCI-DSS v4.0: 2.2.1
HIPAA SR : ยง164.312(e)(1)
HIPAA HICP : Practice 6 (Network Management)
Manage your cookie preferences below:
To learn more about our use of cookies, please see our
Privacy Policy.