Windows Server 2008 R2 PCI Compliance fails because of RDP
Hello experts!
I am trying to make my server PCI compliant. I am almost there, but stuck with this: CVE-2005-1794, Microsoft RDP Protocol Hardcoded RSA Private Key Weakness. I researched a lot regarding this and none of the articles were clear; everyone was saying just to disable RDP and use third-party apps. My server is in a virtual environment and I am not thinking of disabling RDP. Could someone please let me know how to fix this?
Thank you in advance,
-- Best Regards | Arun V | http://twitter.com/arunv707
November 19th, 2012 11:22pm
Hi,
Thanks for posting in Microsoft TechNet forums.
Please check the article below to see if it can be helpful:
Configuring authentication and encryption
http://technet.microsoft.com/en-us/library/cc782610.aspx
Have a nice day.
Regards
Kevin
November 21st, 2012 9:18pm
I have gone through that article and have installed a self-signed certificate, but the PCI scan still failed. I am trying to make my Windows Server 2008 R2 server PCI compliant. However, even after installing so many patches and altering configurations, I am stuck at fixing this one last issue. You may check the screenshot of my PCI scan here -- http://d.pr/i/uuJD
I suspect this can be fixed by installing a trusted computer certificate. If so, could you please let me know if you have any recommendation for the same.
-- Best Regards | Arun V | http://twitter.com/arunv707
November 27th, 2012 6:57am
On Tue, 27 Nov 2012 03:57:53 +0000, arunv707 wrote:
"I have gone through that article and have installed a self signed certificate, the PCI scan still failed. I am trying to make my Windows Server 2008 R2 server PCI Compliant. However, even after installing so many patches and altering configurations, I am stuck at fixing this one last issue. You may check the screenshot of my PCI scan here -- http://d.pr/i/uuJD"
I'd start by going back to the vendor of the PCI compliance scanning
software you're using. From what I know, that vulnerability hasn't been an
issue since the release of Server 2008.
http://technet.microsoft.com/en-us/library/cc770833.aspx
Paul Adare
MVP - Forefront Identity Manager
http://www.identit.ca
LISP: To call a spade a thpade.
November 27th, 2012 10:38am