Windows Server 2022 must be configured to ignore NetBIOS name release requests except from WINS servers.

An XCCDF Rule

Description

Configuring the system to ignore name release requests, except from WINS servers, prevents a denial of service (DoS) attack. The DoS consists of sending a NetBIOS name release request to the server for each entry in the server's cache, causing a response delay in the normal operation of the server's WINS resolution capability.

ID: SV-254338r958902_rule
Version: WN22-CC-000060
Severity: Low
References: CCI-002385
Updated: 6 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers to "Enabled".

This policy setting requires the installation of the MSS-Legacy custom templates included with the STIG package. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.

Windows Server 2022 must be configured to ignore NetBIOS name release requests except from WINS servers.

Description

Remediation Templates

A Manual Procedure