UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IIS Internet Printing Protocol is not disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6754 WA000-WI080 SV-6970r1_rule Medium
Description
Cited by SANS as one of the five most widely exploited holes in unpatched versions of IIS in 2001, Windows 2000 and 2003 include support for the Internet Printing Protocol (IPP) via an ISAPI extension on IIS 5.x. This extension is installed by default on all Windows 2000 and 2003 systems with IIS. CERT published an advisory (also referenced by Mitre’s CVE system) in May 2001 indicating that through a buffer overflow in the ISAPI extension, remote users could execute arbitrary code in the local system context (essentially the equivalent of administrator), giving the user complete control of the system. Adding the following key to the registry can disable IPP: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPrinting The type of the key is REG_DWORD, and the value should be set to 1. Administrators should note that this effort could be accomplished with a security template as described above.
STIG Date
IIS 7.0 Server STIG 2019-03-22

Details

Check Text ( C-2866r2_chk )
Using the registry editior, verify the settings for the IIS printing protocol:

Start>>Run>>Regedt32>>navigate to
\\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers

Look for the following value:

DisableWebPrinting REG_DWORD 1

The key needs to be set to a value of 1 and the type needs to be a REG-DWORD. If the registry does not exist, the value defaults to nothing, which would also be a finding.

If Internet based printing is not disabled, this is a finding.

--------------------

Fix Text (F-6389r1_fix)
Procedure: Start>>Run>>Regedt32>>navigate to \\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers

Set the following value:

DisableWebPrinting REG_DWORD 1