terapin vulnerability identification and remediation

Question

CVE-2023-48795.
is the new Vulnerability which is affecting the Windows servers targeting the SSH protocol.
Can someone advice or have the suggestion how to be prevent or to scan the vulnerability for the Terrapin Attack

Answer 1

Hello

Thank you for bringing this to my attention. To prevent the Terrapin attack, you can follow these steps:

1. Install the latest security updates from Microsoft for Windows Server.
2. Disable the SSH protocol if it is not needed for your server.
3. Use a firewall to block incoming SSH traffic from untrusted sources.
4. Implement strong passwords and two-factor authentication for SSH access.
5. Use intrusion detection and prevention systems to monitor for Terrapin attack attempts.

To scan for the vulnerability, you can use a vulnerability scanner such as Microsoft's Baseline Security Analyzer (MBSA) or a third-party tool like Nessus. These tools can scan your system for known vulnerabilities and provide recommendations for remediation. It is important to regularly scan your system for vulnerabilities and apply security updates as soon as they become available.

Best Regards,

Wesley Li

Answer 2

Hello

Thank you for bringing this to my attention. To prevent the Terrapin attack, you can follow these steps:

1. Install the latest security updates from Microsoft for Windows Server.
2. Disable the SSH protocol if it is not needed for your server.
3. Use a firewall to block incoming SSH traffic from untrusted sources.
4. Implement strong passwords and two-factor authentication for SSH access.
5. Use intrusion detection and prevention systems to monitor for Terrapin attack attempts.

To scan for the vulnerability, you can use a vulnerability scanner such as Microsoft's Baseline Security Analyzer (MBSA) or a third-party tool like Nessus. These tools can scan your system for known vulnerabilities and provide recommendations for remediation. It is important to regularly scan your system for vulnerabilities and apply security updates as soon as they become available.

Best Regards,

Wesley Li

Wesley Li,

The instructions above are not a workable solution.

OpenSSH is shipped with the Windows Server Operating system and many customers are using it in their environment.

1. Currently, there is no patch available from Microsoft to address the Terrapin vulnerability so option 1 is not a solution.
2. When certain customer services rely on the use of SSH Option 2 and 3 are both not an option or workable solution.
3. Option 4 is not a solution
4. Option 5 - while best practice is still not resolving the matter.

It is irresponsible for Microsoft to be aware of the issue and not provide either of the following:

1. Clear instructions that could be used to mitigate the vulnerability. If this is an upgrade then provide clear instructions to do so.
2. Release a patch that would solve the issue.

Regards

Answer 3

JFrog has a decent article on this vulnerability and some solutions.

SSH Protocol Flaw CVE-2023-48795 Terrapin Attack: All You Need To Know (jfrog.com)

We ran into this during a scan because our server had outdated versions of WinSCP, SecureCRT, and PuTTY... tripple whammy. Terrapin Attack - Patches (terrapin-attack.com) <--- this site has a nice list of affected versions and their patches. GL!

Answer 4

what is the patch released by Microsoft?