The File System Object component, if not required, must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13700 | WA000-WI100 IIS6 | SV-38151r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Some COM components are not required for most applications and should be removed if possible. Most notably, consider disabling the File System Object component; however, this will also remove the Dictionary object. Be aware some programs may require components that are being disabled, so it is highly recommended this be tested completely before implementing on your production Web servers. |
| STIG | Date |
|---|---|
| IIS6 Server | 2015-06-01 |
Details
| Check Text ( C-37521r4_chk ) |
|---|
| Query the SA or Web Manager to determine if the File System Object is required. If it is, the ISSO will need to document this requirement. Check for the existence of the following registry keys. If either of the following keys exists, the FileSystemObject is enabled: HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} HKEY_CLASSES_ROOT\Scripting.FileSystemObject If the File System Object is registered and is not required for operations, this is a finding. NOTE: This vulnerability can be documented locally by the ISSM/ISSO if the site is running an application requiring the registration of this object if the site has operational reasons for the use of this object and if the ISSM/ISSO has approved this change in writing, this should be marked as not a finding. |
| Fix Text (F-32769r1_fix) |
|---|
| Unregister the File System Object using the following command: regsvr32 scrrun.dll /u. |