The IIS Internet Printing Protocol is not disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6754	WA000-WI080	SV-6970r1_rule		Medium

Description
Cited by SANS as one of the five most widely exploited holes in unpatched versions of IIS in 2001, Windows 2000 and 2003 include support for the Internet Printing Protocol (IPP) via an ISAPI extension on IIS 5.x. This extension is installed by default on all Windows 2000 and 2003 systems with IIS. CERT published an advisory (also referenced by Mitre’s CVE system) in May 2001 indicating that through a buffer overflow in the ISAPI extension, remote users could execute arbitrary code in the local system context (essentially the equivalent of administrator), giving the user complete control of the system. Adding the following key to the registry can disable IPP: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPrinting The type of the key is REG_DWORD, and the value should be set to 1. Administrators should note that this effort could be accomplished with a security template as described above.

Description

Cited by SANS as one of the five most widely exploited holes in unpatched versions of IIS in 2001, Windows 2000 and 2003 include support for the Internet Printing Protocol (IPP) via an ISAPI extension on IIS 5.x. This extension is installed by default on all Windows 2000 and 2003 systems with IIS. CERT published an advisory (also referenced by Mitre’s CVE system) in May 2001 indicating that through a buffer overflow in the ISAPI extension, remote users could execute arbitrary code in the local system context (essentially the equivalent of administrator), giving the user complete control of the system. Adding the following key to the registry can disable IPP: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPrinting The type of the key is REG_DWORD, and the value should be set to 1. Administrators should note that this effort could be accomplished with a security template as described above.

STIG	Date
IIS 7.0 Server STIG	2019-03-22

Details

Check Text ( C-2866r2_chk )
Using the registry editior, verify the settings for the IIS printing protocol: Start>>Run>>Regedt32>>navigate to \\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers Look for the following value: DisableWebPrinting REG_DWORD 1 The key needs to be set to a value of 1 and the type needs to be a REG-DWORD. If the registry does not exist, the value defaults to nothing, which would also be a finding. If Internet based printing is not disabled, this is a finding. --------------------

Check Text ( C-2866r2_chk )

Using the registry editior, verify the settings for the IIS printing protocol:

Start>>Run>>Regedt32>>navigate to
\\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers

Look for the following value:

DisableWebPrinting REG_DWORD 1

The key needs to be set to a value of 1 and the type needs to be a REG-DWORD. If the registry does not exist, the value defaults to nothing, which would also be a finding.

If Internet based printing is not disabled, this is a finding.

--------------------

Fix Text (F-6389r1_fix)
Procedure: Start>>Run>>Regedt32>>navigate to \\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers Set the following value: DisableWebPrinting REG_DWORD 1