Professional Documents
Culture Documents
ACTIVITY REPORT
Case No: 22310
CLIENT INFORMATION
Client Name: Manulife Philippines
Site Address: 8th Floor NEX Tower, 6786 Ayala Ave, Makati, 1229
Contact Person: Carlito F. Mamarlao
Contact Number: +639277380754 Email Address: carlito_mamarlao@manulife.com
Reference SAR No.:
PURPOSE
Project Implementation/HAT/
Preventive Maintenance System Health Check
Site Survey
Move, Add & Change Equipment Inventory ON CALL
ENGINEER INFORMATION
Name: Carlo Louie M Ortuoste
Division: BSG Department: SSBSG
Activity Start Date: 30 April 2021 Activity Start Time: 0800H
Activity End Date: 30 April 2021 Activity End Time: 1800H
EQUIPMENT DETAILS
Part/Material Code/Dongle/ System ID Serial Number Remarks
MLISPHSRVR021DC 10.42.80.32
CASE STATUS
(Kindly provide EXPLANATION on the Case Status Selected in the Remarks Field below. Such explanation should answer WHY or HOW such case status was
selected)
Case Code Code Description Remarks
CLO Closed
DESCRIPTION OF ACTIVITY
• CVE-2021-1636 patching for SQL Server 2016 version 13.0.5026
• CVE-2020-1455 patching for SQL Server Management Studio to 15.0.1834.0
• OS Hardening via Windows Local Group Policy Editor and Registry Editor
ACTIONS TAKEN
Actions taken during the scheduled activity:
Check the update summary by using the scroll-bar on the right-side, afterwards click Update.
SQL Server 2016 patch operation was completed. All features listed under the patch must result
as Succeeded after the installation. Then click Close to finish the process.
Open SQL Server Management Studio 18, login onto the server using any authentication
method and then proceed to New Query, type “SELECT @@VERSION” then click Execute
For the changes to take effect prior to SSMS patching, proceed to system reboot. Click Restart.
After system reboot, open SQL Server Management Studio (SSMS) then go to Help Tab
and select About to display the system version.
Run the command “gpedit” to open the Local Group Policy Editor.
Listed below are the items that were configured using Local Group Policy Editor:
• Interactive logon: message title for users attempting to log on
• Network Access: Do not allow anonymous enumeration of SAM accounts and share
• Network security: allow local system to use computer identity for NTLM
• Network security: Allow PKU2U authentication request to this computer to use online
identities
• Network security: Minimum session security for NTLM SSP based (including secure RPC)
server
• Audit SAM
B. Registry Editor
On Start Menu, type Run
To back-up the current configuration of Registry Editor, right-click Computer, then select Export.
Input the file name for the registry back-up and then click Save.
Below is the image of the completed registry keys created under SCHANNEL / Ciphers directory for
MLISPHSRVR021DC server:
• The Windows Powershell window will be displayed. Enter the command “Get-
WindowsOptionalFeature -Online -FeatureName smb1protocol” to determine the status of the
said protocol.
Image below will also be shown during the disablement of the smb1protocol :
• After the system boot, do the same procedure again to check the status of the smb1protocol
FINDINGS
• NOTE: Some items that were listed on the OS Hardening spreadsheet file were not configured as verified with
the client during the said activity. Mostly pertains to password policies and remote desktop connection
configurations that were both seemed vital due to current work-from-home situation whereas they access the
said server remotely.
• NOTE: On the other hand, for the Vulnerability Assessment remediation, only CVEs 2021-1636 and 2020-1455
were accommodated and patched because the client’s Windows 2016 Server is currently updated to the latest
version. Further attempts to install other vulnerability patches resulted into several “patch is not applicable” as
stated previously that the system is up to date.
RECOMMENDATIONS
N/A