Many vulnerabilities found in an Active Directory server

Anonymous
2023-08-28T08:38:07+00:00

1. Weak SSL/TLS Key Exchange
2. Birthday attacks against TLS ciphers with 64-bit block size vulnerability (Sweet32)
3. Default Windows Administrator Account Name Present
4. Internal/Private DNS Server's DNS Hierarchy Traced

Please help me identify and resolve these vulnerabilities.


This question was migrated from the Microsoft Support Community.


1 answer

  1. Anonymous
    2023-08-29T06:07:03+00:00

    Hello ApoorvaPawnikar,

    Thank you for posting in the Microsoft Community forum.

    Based on the description, I understand you have detected vulnerabilities on the Domain Controller.

    To better understand your question, please confirm the information below so that we can help you better.

    1. Would you please tell us how you detected/found these vulnerabilities on the Domain Controller? Did you use any Microsoft tool, third-party tool, or other program?

    2. If you used any Microsoft tool, third-party tool, or other program, did you run the tool or program on this Domain Controller?

    3. What is the operating system of your Domain Controller?

    4. Have you installed the latest updates on this Domain Controller?

    Note:
    1. Asking multiple questions in the same thread can cause us to confuse the questions and affect the efficiency of replies.
    2. So that our questions are not confused and the efficiency of replies is not affected, we suggest that one thread only discuss/answer one question.
    3. I suggest you divide your questions into different questions and post additional questions in different new threads.

    Now I will try my best to help you with the first question in this thread.

    1. Weak SSL/TLS Key Exchange

    Some applications or programs installed on the Domain Controller or on your domain machines are using weak SSL/TLS key exchange or weak cipher suites.

    I suggest you find them and delete/remove them if possible. Remember that you must check whether the weak SSL/TLS key exchange or weak cipher suites will affect your AD environment before you delete/remove them; if there is any impact, you cannot delete/remove them.

    Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps | Microsoft Learn

    I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

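As an added example (not part of the original answer), the following PowerShell sketch shows one way to find the cipher suites Schannel has enabled on a host and flag the ones behind the first two scanner findings. The function name `Find-WeakTlsCipherSuite` and its name-matching rules are assumptions made for illustration; `Get-TlsCipherSuite` and `Disable-TlsCipherSuite` are the built-in TLS module cmdlets on Windows Server 2016 and later.

```powershell
# Added example, not from the original thread. The function name and the
# classification rules below are illustrative assumptions.
function Find-WeakTlsCipherSuite {
    [CmdletBinding()]
    param(
        # Suite names to classify; defaults to what Schannel has enabled on this host.
        [string[]]$Name = (Get-TlsCipherSuite).Name
    )
    foreach ($n in $Name) {
        $reasons = @()
        # 64-bit block ciphers are what the Sweet32 finding refers to.
        if ($n -match '3DES|_DES_|RC2|IDEA') { $reasons += '64-bit block cipher (Sweet32)' }
        # Finite-field DHE is only as strong as the DH group size the server offers.
        if ($n -match '^TLS_DHE_') { $reasons += 'DHE key exchange: verify minimum DH key size' }
        # Static RSA key exchange is only as strong as the certificate's RSA key.
        if ($n -match '^TLS_RSA_') { $reasons += 'static RSA key exchange: verify certificate key size' }
        if ($n -match 'RC4|NULL|EXPORT|MD5') { $reasons += 'broken or export-grade primitive' }
        if ($reasons) {
            [pscustomobject]@{ Name = $n; Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample names, so the classifier can be tried on any machine.
$sample = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
          'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
          'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
Find-WeakTlsCipherSuite -Name $sample | Format-Table -AutoSize -Wrap

# On the Domain Controller (elevated session): report what is enabled, then
# preview disabling only the Sweet32 suites. -WhatIf makes this a dry run;
# remove it only after confirming nothing in the AD environment needs them.
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    Find-WeakTlsCipherSuite | Format-Table -AutoSize -Wrap
    Find-WeakTlsCipherSuite |
        Where-Object Reasons -like '*Sweet32*' |
        ForEach-Object { Disable-TlsCipherSuite -Name $_.Name -WhatIf }
}
```

Of the constructed sample names, the ECDHE/AES-GCM suite is not flagged, while the 3DES and DHE suites are reported with their reasons.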