Vulnerabilities on 'Azure Stack HCI' Cluster nodes | Need help

PANKAJ VISHWAKARMA 20 Reputation points
2024-12-31T10:33:43.6+00:00

Hi,

We have a production Azure Stack HCI v22H2 platform that hosts customers’ critical workloads.

We recently received vulnerability scan results for HCI nodes, showing the following vulnerabilities as security threats that we need to remediate ASAP:

High

  • SSL Medium Strength Cipher Suites Supported (SWEET32)

Medium

  • TLS Version 1.0 Protocol Detection
  • TLS Version 1.1 Deprecated Protocol
  • SMB Signing not required

Low

  • ICMP Timestamp Request Remote Date Disclosure

Now we need support from Microsoft on the following for the HCI platform:

1. Impact Assessment:

a. What would be the impact of remediating these vulnerabilities on the HCI platform?

b. Could there be any operational issues regarding communication between HCI nodes, Active Directory servers, SCVMM, or Windows Admin Center (WAC)?

c. Are there any other potential issues we should anticipate?

2. Remediation Procedure:

a. Do you recommend any specific procedures for addressing these vulnerabilities on the Azure Stack HCI platform?


Accepted answer
  1. Akshay kumar Mandha 1,880 Reputation points Microsoft Vendor
    2024-12-31T19:43:07.1233333+00:00

    Hi PANKAJ VISHWAKARMA,
    Thanks for reaching out to Microsoft Q&A.
    We understand your concern based upon your query to address the issue.
    Upgrade the SSL/TLS protocols on all applications and services to a supported version to fix the issue.

    Regular updates: Make sure that your Azure Stack HCI is regularly updated with the latest patches and security updates from Microsoft.

    Configuration management: Ensure all configurations are backed up prior to changes. This will facilitate quick recovery if any issues arise post-remediation.

    Downtime issues may arise:
    Make a backup of everything. Upgrading may cause performance issues or downtime. Disabling old TLS versions could impact compatibility, especially with legacy systems. Some changes might also require scheduled maintenance, disrupting services.

    Disabling TLS 1.0 and 1.1 could affect communication between HCI nodes, Active Directory, SCVMM, and WAC, so ensure all systems are compatible with the new protocols before proceeding.

    Note: Before making any changes, please test the steps in a testing environment to identify potential issues before applying them to production.

    Please refer to the documentation for more about security:
    Azure Stack HCI security considerations
    Version security update: Azure Stack HCI, version 22H2 release information
    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
    Blog: Consistently upgrade your server TLS protocol using Azure Arc and Automanage Machine Configuration

    Please let me know if you have any further queries.
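
A read-only pre-change audit of the settings behind the TLS 1.0/1.1, SWEET32 (3DES) and SMB signing findings, collected from every cluster node; this is an added example, not part of the original answer or of Microsoft's documentation. It assumes an elevated session on a cluster node, the FailoverClusters module, and PowerShell remoting between nodes.

```powershell
# Added example: read-only audit, changes nothing on the nodes.
# Assumptions: elevated session on a cluster node, FailoverClusters module
# available, PowerShell remoting enabled between nodes.
$audit = {
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

    # A missing key or value means the OS default applies; report that
    # explicitly instead of treating it as "disabled".
    function Get-SchannelValue([string]$SubKey, [string]$Name) {
        $item = Get-ItemProperty -Path (Join-Path $schannel $SubKey) -Name $Name `
            -ErrorAction SilentlyContinue
        if ($null -eq $item) { 'NotSet (OS default)' } else { $item.$Name }
    }

    $row = [ordered]@{ Node = $env:COMPUTERNAME }

    # TLS findings: check both roles, because a node is also a TLS client when
    # it talks to other services. TLS 1.2 is included to confirm it has not
    # been switched off before older versions are disabled.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Server', 'Client') {
            $key = "$proto $role"
            $row["$key Enabled"] = Get-SchannelValue "Protocols\$proto\$role" 'Enabled'
            $row["$key DisabledByDefault"] =
                Get-SchannelValue "Protocols\$proto\$role" 'DisabledByDefault'
        }
    }

    # SWEET32 finding: 3DES at the SCHANNEL cipher level and in the list of
    # cipher suites currently enabled on the node.
    $row['3DES cipher Enabled'] = Get-SchannelValue 'Ciphers\Triple DES 168' 'Enabled'
    $row['3DES suites enabled'] =
        @(Get-TlsCipherSuite | Where-Object Name -like '*3DES*').Name -join ', '

    # SMB signing finding: whether signing is required, server and client side.
    $row['SMB server RequireSecuritySignature'] =
        (Get-SmbServerConfiguration).RequireSecuritySignature
    $row['SMB client RequireSecuritySignature'] =
        (Get-SmbClientConfiguration).RequireSecuritySignature

    [pscustomobject]$row
}

# Run the same audit on every node so configuration drift between nodes shows up.
$nodes = (Get-ClusterNode).Name
Invoke-Command -ComputerName $nodes -ScriptBlock $audit |
    Select-Object -Property * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName |
    Format-List
```

Running it before and after a change in the test environment gives a per-node record to compare against the rescan.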

