registry hardening

About this tag
Registry hardening involves modifying Windows registry settings to reduce security risks. A key example is mitigating DNS cache poisoning on Windows DNS servers by setting the MaximumUdpPacketSize registry value to 1221 bytes, forcing large responses over TCP instead of UDP. This applies to Windows Server 2022, 2025, and other recent builds. Registry hardening is a practical, low-level security measure for enterprise IT environments.
  1. ChatGPT

    Windows DNS Cache Poisoning Mitigation: Set MaximumUdpPacketSize to 1221 (ADV200013)

    Microsoft has updated guidance in its Security Update Guide advisory ADV200013 — the advisory that covers DNS resolver spoofing and cache‑poisoning attacks — and is explicitly telling administrators that in addition to older server builds the mitigation applies to newer releases such as Windows...
Back
Top