Navigate

Check: WN10-00-000395

Microsoft Windows 10 STIG: WN10-00-000395 (in versions v2 r9 through v2 r8)

Title

Windows 10 must not have portproxy enabled or in use. (Cat II impact)

Discussion

Having portproxy enabled or configured in Windows 10 could allow a man-in-the-middle attack.

Check Content

Check the registry key for existence of proxied ports: HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\. If the key contains v4tov4\tcp\ or is populated v4tov4\tcp\, this is a finding. Run "netsh interface portproxy show all". If the command displays any results, this is a finding.

Fix Text

Contact the Administrator to run "netsh interface portproxy delete" with elevation. Remove any enabled portproxies that may be configured.

Additional Identifiers

Rule ID: SV-257593r922061_rule

Vulnerability ID: V-257593

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality