Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6754 | WA000-WI080 | SV-6970r1_rule | Medium |
Description |
---|
Cited by SANS as one of the five most widely exploited holes in unpatched versions of IIS in 2001, Windows 2000 and 2003 include support for the Internet Printing Protocol (IPP) via an ISAPI extension on IIS 5.x. This extension is installed by default on all Windows 2000 and 2003 systems with IIS. CERT published an advisory (also referenced by Mitre’s CVE system) in May 2001 indicating that through a buffer overflow in the ISAPI extension, remote users could execute arbitrary code in the local system context (essentially the equivalent of administrator), giving the user complete control of the system. Adding the following key to the registry can disable IPP: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPrinting The type of the key is REG_DWORD, and the value should be set to 1. Administrators should note that this effort could be accomplished with a security template as described above. |
STIG | Date |
---|---|
IIS 7.0 Server STIG | 2019-03-22 |
Check Text ( C-2866r2_chk ) |
---|
Using the registry editior, verify the settings for the IIS printing protocol: Start>>Run>>Regedt32>>navigate to \\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers Look for the following value: DisableWebPrinting REG_DWORD 1 The key needs to be set to a value of 1 and the type needs to be a REG-DWORD. If the registry does not exist, the value defaults to nothing, which would also be a finding. If Internet based printing is not disabled, this is a finding. -------------------- |
Fix Text (F-6389r1_fix) |
---|
Procedure: Start>>Run>>Regedt32>>navigate to \\Hkey_Local_Machine\Software\Policies\Microsoft\Windows NT\Printers Set the following value: DisableWebPrinting REG_DWORD 1 |