This advisory, based on assessments by NSA and CISA teams, highlights ten common network misconfigurations with potential security risks across various sectors. The misconfigurations range from default settings to insufficient security measures. The focus is mainly on Microsoft Windows and Active Directory environments, but similar issues may be found in other environments. The identified misconfigurations are as follows:

• Default Configurations of Software and Applications: Default credentials pose a significant risk, often exploited by malicious actors.

• Improper Separation of User/Administrator Privilege: Over-privileged accounts can grant unauthorized access, increasing risk exposure.

• Insufficient Internal Network Monitoring: Inadequate host and network sensor configurations can lead to undetected compromises.

• Lack of Network Segmentation: Absence of security boundaries can allow adversaries to move freely within a network.

• Poor Patch Management: Failure to apply patches and updates can expose systems to known vulnerabilities.

• Bypass of System Access Controls: Compromised authentication methods can enable unauthorized access.

• Weak or Misconfigured MFA Methods: Vulnerable MFA methods may be exploited by threat actors.

• Insufficient ACLs on Network Shares and Services: Inadequate access controls on data shares can lead to unauthorized access.

• Poor Credential Hygiene: Weak passwords and cleartext disclosures can facilitate unauthorized access.

• Unrestricted Code Execution: Allowing unverified programs to run can open up networks to malicious payloads.

The advisory emphasizes the importance of addressing these misconfigurations to enhance cybersecurity posture. Additionally, it provides specific examples and scenarios to illustrate potential risks associated with each misconfiguration.

Network owners and operators are urged to conduct thorough assessments and implement necessary countermeasures to mitigate these risks.