I'm dealing with a recurring issue where multiple machines on my network are being flagged for CVE-1999-0524, which is related to ICMP Timestamp Request Remote Date Disclosure. We're using Windows Defender along with the Windows Firewall. I've attempted to add firewall rules to block these requests, but after a rescan, the vulnerability keeps coming back. Here are the commands I used to add the rules:
1. Block ICMPv4 Timestamp Request (Incoming) for protocol 13
2. Block ICMPv4 Timestamp Request (Incoming) for protocol 14
3. Block ICMPv4 Timestamp Request (Outgoing) for protocol 13
4. Block ICMPv4 Timestamp Request (Outgoing) for protocol 14
If anyone has advice on how to effectively resolve this issue, I'd really appreciate it! Also, here's a reference link for more context: [ICMP Timestamp Request Remote Date Disclosure | Tenable™](https://www.tenable.com/plugins/nessus/10114)
3 Answers
Just a heads up, the link you shared rates this vulnerability as low severity. Do you really need to fix it? For many compliance standards like PCI, low issues typically don't require remediation, but if your client insists, that's a different story. Just make sure you really need to tackle this one.
If this is a big issue for you, kudos for tackling it! Just remember, your firewall settings could be allowing your vulnerability scanner to access these ICMP requests even when blocked for other traffic. It might look like it's still there because of that. Double-check your firewall rules, or consider it a false positive if that's the case.
Honestly, unless you've got Windows 7 or Server 2008 R2 machines, you might not even need to worry about this. The timestamps from those versions are intentionally incorrect but generally only off by about 1000 seconds. Could this be a case where you're chasing shadows?
I totally hear you! But I've seen Nessus flagging this across various systems, not just the older versions. It's misleading and we might need to escalate this with Tenable to clear up the confusion.
Absolutely, while it may be low-risk, our client is pretty particular about keeping everything clean. We're well beyond the risk assessment stage and focused on remediation now.