Need Solution to Terrapin Vulnerability CVE-2023-48795 in Windows OpenSSH implementation

Sean Haynes 0 Reputation points
2024-02-05T17:02:05.67+00:00

We are using the Microsoft Provided OpenSSH Server implementation on a Windows Server 2022 instance and this vulnerability remains open even though there appears to be patches available to correct the issue. Is Microsoft planning on releasing a patch or instructions for https://nvd.nist.gov/vuln/detail/CVE-2023-48795

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,191 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,848 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Thameur-BOURBITA 33,006 Reputation points
    2024-02-05T21:10:40.3066667+00:00

    Hi

    For the moment that's not currently planned .

    The impact of the attack is fortunately very limited, but these are the two options to fully mitigate the vulnerability:

    • Upgrade to the latest Win32-OpenSSH release.
    • For existing Win32-OpenSSH releases, disable the vulnerable ciphers via ssh_config and sshd_config.

    https://github.com/PowerShell/Win32-OpenSSH/issues/2189

    Please don’t forget helpful answer

    1 person found this answer helpful.
    0 comments No comments

  2. Julius Bairaktaris 5 Reputation points
    2024-03-02T23:00:23.82+00:00

    Hey,

    I have created a PS script that implements these mitigations. You can find it here: https://github.com/JuliusBairaktaris/Harden-Windows-SSH

    Kind Regards

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.