Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18805 | EMG2-255 Exch2K3 | SV-20532r1_rule | ECLP-1 | Medium |
Description |
---|
The ExAdmin Virtual Server is used by the Exchange System Manager to access mailboxes and Public Folders, so it is a required part of the Exchange application: the Exchange System Manager is central to Exchange and cannot function properly without these capabilities. Scripts on servers are a frequent cause of server compromises, and because virtual servers are the primary interface between Exchange and the web, they are particularly at risk. Attack vectors via scripts and executables running on the server should therefore be minimized. This control allows the administrator to specify whether scripts and/or executables may run on this virtual server; both should be denied. The Exchange System Manager is the only entity that interfaces with ExAdmin, and since the default setting already provides every capability it needs, there is no reason to change it. |
STIG | Date |
---|---|
Microsoft Exchange Server 2003 | 2014-08-19 |
Check Text ( C-22515r1_chk ) |
---|
Validate the ExAdmin script permissions. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> Protocols >> HTTP >> Exchange Virtual Server >> ExAdmin >> Properties >> Access tab. Under Execute Permissions, ‘None’ should be selected. Criteria: if ‘None’ is selected for Execute Permissions, this is not a finding. |
Fix Text (F-19465r1_fix) |
---|
Configure the ExAdmin script permissions. Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> Protocols >> HTTP >> Exchange Virtual Server >> ExAdmin >> Properties >> Access tab. Select ‘None’ for Execute Permissions. |
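The Check Text above walks the Exchange System Manager GUI. As an added example (not part of the STIG or of Microsoft's tooling), the following PowerShell reads the same setting from the IIS 6 metabase, where the ExAdmin virtual directory's Execute Permissions are stored in the `AccessFlags` bitmask, and reports it in the STIG's terms. It assumes it runs locally on the Exchange 2003 server as an administrator and that ExAdmin sits under the Default Web Site (metabase site id 1); the metabase path and the constants are assumptions you should confirm on your own server.

```powershell
# Added example, not part of the STIG text or Microsoft's own tooling.
# Reads the ExAdmin virtual directory's AccessFlags through the IIS 6 ADSI
# provider and maps the two execute bits onto the wording IIS Manager and
# the STIG use. Deliberately read-only: Exchange-managed virtual directories
# are replicated from Active Directory into the metabase, so a direct
# metabase edit can be overwritten; remediate through ESM as the Fix Text says.
# Assumption: ExAdmin lives under the Default Web Site (metabase site id 1).

# IIS metabase AccessFlags bits (MD_ACCESS_EXECUTE, MD_ACCESS_SCRIPT)
$MD_ACCESS_EXECUTE = 0x4
$MD_ACCESS_SCRIPT  = 0x200

function ConvertTo-ExecutePermissionName {
    param([int]$AccessFlags)
    $script = ($AccessFlags -band $MD_ACCESS_SCRIPT)  -ne 0
    $exec   = ($AccessFlags -band $MD_ACCESS_EXECUTE) -ne 0
    if ($script -and $exec) { return 'Scripts and Executables' }
    elseif ($script)        { return 'Scripts only' }
    elseif ($exec)          { return 'Executables only (non-standard)' }
    else                    { return 'None' }
}

function Test-ExAdminExecutePermission {
    param([string]$MetabasePath = 'IIS://localhost/W3SVC/1/ROOT/ExAdmin')
    if (-not [ADSI]::Exists($MetabasePath)) {
        throw "Virtual directory not found at $MetabasePath (check the site id)."
    }
    $vdir  = [ADSI]$MetabasePath
    $flags = [int]$vdir.Properties['AccessFlags'].Value
    $name  = ConvertTo-ExecutePermissionName -AccessFlags $flags
    New-Object PSObject -Property @{
        MetabasePath      = $MetabasePath
        AccessFlags       = ('0x{0:X}' -f $flags)
        ExecutePermission = $name
        # STIG criterion: 'None' is not a finding, anything else is
        Finding           = ($name -ne 'None')
    }
}

Test-ExAdminExecutePermission | Format-List
```

If the Default Web Site has a different site id on your server, pass the matching `-MetabasePath`; a `Finding` of `True` means the Fix Text procedure still needs to be applied in Exchange System Manager.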