Microsoft Windows 11 STIG Version Comparison

There are 6 differences between versions v1 r4 (June 7, 2023) (the "left" version) and v1 r6 (May 15, 2024) (the "right" version).

Check WN11-00-000395 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

Windows 11 must not have portproxy enabled or in use.

Check Content

Check the registry key for existence of proxied ports: HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\. If the key contains v4tov4\tcp\ or is populated v4tov4\tcp\, this is a finding. Run "netsh interface portproxy show all". If the command displays any results, this is a finding.

Discussion

Having portproxy enabled or configured in Windows 10 could allow a man-in-the-middle attack.

Fix

Contact the Administrator to run "netsh interface portproxy delete" with elevation. Remove any enabled portproxies that may be configured.