Terrapin vulnerability identification and remediation

Anonymous
2024-01-30T11:29:35+00:00

CVE-2023-48795 is the new vulnerability which is affecting Windows servers, targeting the SSH protocol.
Can someone advise or suggest how to prevent or scan for the vulnerability for the Terrapin Attack?

Locked Question. This question was migrated from the Microsoft Support Community.

4 answers

  1. Anonymous
    2024-02-01T02:44:46+00:00

    Hello

    Thank you for bringing this to my attention. To prevent the Terrapin attack, you can follow these steps:

    1. Install the latest security updates from Microsoft for Windows Server.
    2. Disable the SSH protocol if it is not needed for your server.
    3. Use a firewall to block incoming SSH traffic from untrusted sources.
    4. Implement strong passwords and two-factor authentication for SSH access.
    5. Use intrusion detection and prevention systems to monitor for Terrapin attack attempts.

    To scan for the vulnerability, you can use a vulnerability scanner such as Microsoft's Baseline Security Analyzer (MBSA) or a third-party tool like Nessus. These tools can scan your system for known vulnerabilities and provide recommendations for remediation. It is important to regularly scan your system for vulnerabilities and apply security updates as soon as they become available.

    Best Regards,

    Wesley Li

  2. Anonymous
    2024-02-05T07:41:59+00:00

    Wesley Li,

    The instructions above are not a workable solution.

    OpenSSH is shipped with the Windows Server Operating system and many customers are using it in their environment.

    1. Currently, there is no patch available from Microsoft to address the Terrapin vulnerability, so option 1 is not a solution.
    2. When certain customer services rely on the use of SSH, options 2 and 3 are both not an option or workable solution.
    3. Option 4 is not a solution.
    4. Option 5, while best practice, is still not resolving the matter.

    It is irresponsible for Microsoft to be aware of the issue and not provide either of the following:

    1. Clear instructions that could be used to mitigate the vulnerability. If this is an upgrade then provide clear instructions to do so.
    2. Release a patch that would solve the issue.

    Regards

    10 people found this answer helpful.
  3. Anonymous
    2024-02-25T20:17:15+00:00

    JFrog has a decent article on this vulnerability and some solutions.

    SSH Protocol Flaw CVE-2023-48795 Terrapin Attack: All You Need To Know (jfrog.com)

    We ran into this during a scan because our server had outdated versions of WinSCP, SecureCRT, and PuTTY... triple whammy. Terrapin Attack - Patches (terrapin-attack.com) <--- this site has a nice list of affected versions and their patches. GL!

    2 people found this answer helpful.
  4. Anonymous
    2025-01-28T11:58:38+00:00

    What is the patch released by Microsoft?
