18.4.1 (L1) Ensure 'Configure RPC packet level privacy setting for incoming connections' is set to 'Enabled'

Information

This policy setting controls packet level privacy for Remote Procedure Call (RPC) incoming connections.

The recommended state for this setting is: Enabled

A security bypass vulnerability (

CVE-2021-1678 | Windows Print Spooler Spoofing Vulnerability

) exists in the way the Printer RPC binding handles authentication for the remote Winspool interface. Enabling the RPC packet level privacy setting for incoming connections enforces the server-side to increase the authentication level to minimize this vulnerability.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\MS Security Guide\Configure RPC packet level privacy setting for incoming connections

Note: This Group Policy path does not exist by default. An additional Group Policy template ( SecGuide.admx/adml ) is required - it is available from Microsoft at

this link

.

Impact:

None - this is default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/17129

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: a87a448455fdbbb6115428c6ea1bbfb84fafff8b5bc8481fa6bf44994ea96bcf