Check: WN11-00-000395
Microsoft Windows 11 STIG:
WN11-00-000395
(in versions v2 r2 through v1 r5)
Title
Windows 11 must not have portproxy enabled or in use. (Cat II impact)
Discussion
Having portproxy enabled or configured in Windows 10 could allow a man-in-the-middle attack.
Check Content
Check the registry key for existence of proxied ports: HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\. If the key contains v4tov4\tcp\ or is populated v4tov4\tcp\, this is a finding. Run "netsh interface portproxy show all". If the command displays any results, this is a finding.
Fix Text
Contact the Administrator to run "netsh interface portproxy delete" with elevation. Remove any enabled portproxies that may be configured.
Additional Identifiers
Rule ID: SV-257592r991589_rule
Vulnerability ID: V-257592
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |