Skip to main content
All CollectionsRemediations
Microsoft Windows SMB NULL Session Authentication Vulnerability
Microsoft Windows SMB NULL Session Authentication Vulnerability
Alan Butcher avatar
Written by Alan Butcher
Updated over 2 years ago

The Microsoft Windows SMB Null Session Authentication Vulnerability when detected with a vulnerability scanner will report it as a CVSS 7.3.

CVSS is a scoring system for vulnerability systems, its an industry standard scoring system to mark findings against a specific number ranging from 0 to 10. They are shown as:

Active Directory is a technology that offers authentication, authorization and auditing. Access is granted (authorized) after authentication. But what if you can get access to certain resources without authenticating.

That is exactly what a null session can achieve. When an SMB session is set up anonymously, or with a guest account, this is commonly referred to as an SMB null session. Connecting without credentials eats away at everything Active Directory stands for and yet many pentests or vulnerability scans will point out clearly that this is what Domain Controllers allow with default Operating System settings.

For Domain Controllers running Windows Server, run the following three lines in an elevated Windows PowerShell session to disable SMB null sessions:

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name RestrictAnonymous -Value 1 -PropertyType DWORD -Force

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name RestrictAnonymousSAM -Value 1 -PropertyType DWORD -Force

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name EveryoneIncludesAnonymous -Value 0 -PropertyType DWORD -Force

Did this answer your question?