17 February 2026

FSTEC has published recommendations for fixing software configuration errors

The use of weak user passwords, which creates threats of brute force attacks and account compromise. The absence of mandatory authentication for accessing databases (which creates threats of unauthorized access and information leakage). The Windows operating system uses the outdated SMBv1 protocol, which creates threats of unauthorized access attacks. Windows also uses the outdated NTLMv1 protocol, which creates threats of unauthorized access attacks. The presence of a "Guest" account in the local "Administrators" group: creates a threat of unauthorized access with elevated privileges. Storing credentials in plain text: creates a threat of authentication data leakage. The presence of open, unused ports: creates a threat of their use by attackers. Activated automatic user login to the server