add Windows firewall rule to block 168.63.129.16:80 for cve-2021-27075#694
Conversation
|
/retest |
|
/hold I'm adding a goss verifier. |
39547c5 to
ae89a3b
Compare
|
/retest |
46bff98 to
9b38e13
Compare
9b38e13 to
74fa4c6
Compare
|
/hold cancel /assign @CecileRobertMichon @codenrhoden |
|
/lgtm Makes me realize we didn't add a GOSS verification for this on Linux, but since this PR is focused on Windows that seems out of scope. |
I’m happy to open another pr to add the Linux test. Def should have added one. |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: CecileRobertMichon, devigned, jsturtevant The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What this PR does / why we need it:
This PR explicitly ensures that TCP traffic bound for the reserved Azure IP 168.63.129.16 via TCP on port 80 is dropped to remediate https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27075 on Windows nodes.
Additional context
Related to: #690