Incorrect "remediate security configuration" AZ-WIN-00145


Hi,

Within "Remediate security configurations" I have an entry for this:

NAME: Ensure 'Turn off multicast name resolution' is set to 'Disabled'
CCEID: AZ-WIN-00145
OS VERSION: Windows Server 2016 Datacenter
RULE SEVERITY: Warning
FULL DESCRIPTION: LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible. The recommended state for this setting is: `Enabled`.

I do have the configuration set to "Enabled", as described by the "Full Description", but the rule itself wants it to be disabled, i.e. the rule doesn't match the vulnerability...

Anyone else getting this or know why it might be coming up?

Thanks

1 Reply

I've raised a support ticket with Azure and will report the findings back here.
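
Added example, not part of the original thread and not Azure Security Center's own check: a PowerShell function that reads the registry value behind the "Turn off multicast name resolution" policy and reports both the policy state and whether LLMNR is effectively on, which helps untangle the double negative in the rule name. The function name Get-LlmnrPolicyState is hypothetical; the registry key and the EnableMulticast value are the ones the Group Policy setting writes.

```powershell
# Added example: report the state of the "Turn off multicast name resolution"
# policy on the local machine. Get-LlmnrPolicyState is a hypothetical helper name.
function Get-LlmnrPolicyState {
    [CmdletBinding()]
    param(
        # DNS Client policy key written by the Group Policy setting
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    )

    # Read EnableMulticast if the key and value exist; otherwise leave $null
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name 'EnableMulticast' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.EnableMulticast }
    }

    # Policy "Enabled" turns LLMNR off (EnableMulticast = 0);
    # policy "Disabled" leaves LLMNR on (EnableMulticast = 1).
    if ($null -eq $value) {
        $policy = 'Not Configured'
        $llmnr  = 'On (operating system default)'
    }
    elseif ($value -eq 0) {
        $policy = 'Enabled'
        $llmnr  = 'Off'
    }
    elseif ($value -eq 1) {
        $policy = 'Disabled'
        $llmnr  = 'On'
    }
    else {
        $policy = "Unexpected value: $value"
        $llmnr  = 'Unknown'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        RegistryValue   = $value
        PolicyState     = $policy   # state of 'Turn off multicast name resolution'
        LlmnrResolution = $llmnr    # what the DNS client actually does
    }
}

Get-LlmnrPolicyState | Format-List
```

Comparing PolicyState and LlmnrResolution against the rule name and its "Full Description" text shows which of the two the machine currently satisfies.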