I have 8 different Windows Server 2016 and 2019 Virtual Machines in one of my Azure subscriptions.
Of these, 7 of them report a fail on the 90044-Allowed Null Session check in Azure Security Centre as shown here:
The CVE links go to information that is either unrelated or so ridiculously out of date it's older than Methuselah.
When following the links in the 'Remediation' section, the first one goes 404 and the second one takes me to an eons-old Server 2000 Documentation link that recommends setting a specific Registry entry. This setting is already present and configured as recommended by default.
I've done some Googling around and found this Windows 10 link which has instructions on configuring the setting in GP; again, this is configured as recommended on all VMs. I also found this from Blumira, which has a more detailed rundown of additional Registry and Group Policy settings that should be applied. I can confirm that all servers are configured as per the recommendations here as well.
So my question is on what criteria is this recommendation appearing, and how do I configure my VMs to satisfy the requirements of this recommendation?
Any help would be very greatly appreciated, this is making a significant dent in my ASC score (6 points, or -10%).
I have found the answer to this, there is a registry entry that was not set as required on the affected machines:
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
This is defaulted to '0' on all affected VMs; set this to '1' (Null sessions cannot be used to enumerate shares) and the machines will then pass the requirements for the check.
Any/all other settings to pass this check appear to be as required by default on the standard Windows Server 2016/2019 images used in Azure.
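As an added example (my own script, not part of the answer above or anything published by Microsoft or Blumira), here is a PowerShell snippet that audits the RestrictAnonymous value the answer identifies and optionally remediates it. It assumes the desired value is 1 as stated in the answer, that it runs in an elevated session on the VM, and that a reboot before the next Security Center scan is reasonable (my assumption; LSA reads this value at startup). The GPO mapping noted in the comments is the standard one: RestrictAnonymous corresponds to "Network access: Do not allow anonymous enumeration of SAM accounts and shares".

```powershell
# Audit/remediate HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous.
# Added example, not from the original thread. Assumes desired value = 1.
# Set $Apply to $true to actually write the value; the default only reports.
$Apply       = $false
$LsaKey      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName   = 'RestrictAnonymous'   # GPO: "Do not allow anonymous enumeration of SAM accounts and shares"
$DesiredData = 1

function Get-RestrictAnonymousState {
    # Returns the current DWORD, or $null when the value does not exist.
    $props = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$ValueName
}

function Test-RestrictAnonymous {
    # $true when the value already matches what the ASC check expects.
    return (Get-RestrictAnonymousState) -eq $DesiredData
}

function Set-RestrictAnonymous {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess("$LsaKey\$ValueName", "Set DWORD to $DesiredData")) {
        # -Force creates the value if it is missing and overwrites it otherwise;
        # -PropertyType DWord prevents accidentally creating a REG_SZ.
        New-ItemProperty -Path $LsaKey -Name $ValueName -Value $DesiredData `
                         -PropertyType DWord -Force | Out-Null
    }
}

$current = Get-RestrictAnonymousState
$shown   = if ($null -eq $current) { '<absent>' } else { $current }

if (Test-RestrictAnonymous) {
    Write-Output "$env:COMPUTERNAME : $ValueName is already $DesiredData; no change needed."
}
elseif ($Apply) {
    Write-Output "$env:COMPUTERNAME : $ValueName is $shown (expected $DesiredData); remediating."
    Set-RestrictAnonymous
    Write-Output "$env:COMPUTERNAME : re-check passed = $(Test-RestrictAnonymous). Reboot before the next scan."
}
else {
    Write-Output "$env:COMPUTERNAME : $ValueName is $shown (expected $DesiredData). Set `$Apply = `$true to fix."
}
```

To run the same audit across several VMs at once, wrap the body in a script block and hand it to Invoke-Command with -ComputerName (or use Azure's Run Command on each VM); the per-host output line makes it easy to see which of the eight machines still report the default value.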