Azure Stack HCI
A hyperconverged infrastructure operating system delivered as an Azure service that provides security, performance, and feature updates.
385 questions
Vulnerabilities on 'Azure Stack HCI' Cluster nodes | Need help
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 57.00000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPV%3C/text%3E%3C/svg%3E)
PANKAJ VISHWAKARMA
0
Reputation points
Hi,
We have a production Azure Stack HCI v22H2 platform that hosts customers’ critical workloads.
We recently received vulnerability scan results for HCI nodes, showing the following vulnerabilities as security threats that we need to remediate ASAP-
High
- SSL Medium Strength Cipher Suites Supported (SWEET32)
Medium
- TLS Version 1.0 Protocol Detection
- TLS Version 1.1 Deprecated Protocol
- SMB Signing not required
Low
- ICMP Timestamp Request Remote Date Disclosure
Now we need support from Microsoft on the following for HCI platform-
1. Impact Assessment:
a. What would be the impact of remediating these vulnerabilities on the HCI platform?
b. Could there be any operational issues regarding communication between HCI nodes, Active Directory servers, SCVMM, or Windows Admin Center (WAC)?
c. Are there any other potential issues we should anticipate?
2. Remediation Procedure:
a. Do you recommend any specific procedures for addressing these vulnerabilities on the Azure Stack HCI platform?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 86%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Akshay kumar Mandha 1,655 Reputation points Microsoft Vendor2024-12-31T19:43:07.1233333+00:00 Hi PANKAJ VISHWAKARMA,
Thanks for reaching out to Microsoft Q&A.
We understand your concern based upon your query to address the issue
Upgrade SSL/TLS Protocols all applications and services supported version fix the issueMake sure regular updates that your Azure Stack HCI is regularly updated with the latest patches and security updates from Microsoft.
Configuration Management Ensure all configurations are backed up prior to changes. This will facilitate quick recovery if any issues arise post-remediation.
Downtime issue may arise
Make the backup all the things. By upgrade may cause performance issues or downtime. Disabling old TLS versions could impact compatibility, especially with legacy systems. Some changes might also require scheduled maintenance, disrupting services.Disabling TLS 1.0 and 1.1 could affect communication between HCI nodes, Active Directory, SCVMM, and WAC, so ensure all systems are compatible with the new protocols before proceeding.
Note: - Before making any changes Please test steps in testing environment to identify potential issues before applying them to production.
Please refer the documentation about more security
Azure Stack HCI security considerations
Version security update Azure Stack HCI, version 22H2 release information
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
Blog
Consistently upgrade your server TLS protocol using Azure Arc and Automanage Machine ConfigurationPlease let me know if you have any further query
-
Akshay kumar Mandha 1,655 Reputation points Microsoft Vendor
2025-01-02T17:29:01.9533333+00:00 Hi PANKAJ VISHWAKARMA,
If you get chance, please review my comment let me know if you have any question, please tag me in comment
Thank you..!
Sign in to comment
Sign in to answer