[原文]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NETBIOS is running."
Microsoft Windows NetBIOS Remote Host Information Disclosure
Remote / Network Access
Loss of Confidentiality
Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when NetBIOS port 137 (UDP) is open and responds to wildcard requests. By sending such a request, an attacker may be able to disclose the computer name, workgroup, domain name, file server service and MAC address.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Block inbound connections to port 137 (UDP).