WA000-WI080 - The IIS Internet Printing Protocol is not disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Vulnerability Key: V0006754
IA Controls: ECSC-1 Security Configuration Compliance
Categories: 2.2 Least Privilege
Severity: Category II
Ref: WEB SERVER SECURITY TECHNICAL IMPLEMENTATION GUIDE Section 2.1
Cited by SANS as one of the five most widely exploited holes in unpatched versions of IIS in
2001, Windows 2000 and 2003 include support for the Internet Printing Protocol (IPP) via an
ISAPI extension on IIS 5.x. This extension is installed by default on all Windows 2000 and 2003
systems with IIS. CERT published an advisory (also referenced by Mitre.s CVE system) in May
2001 indicating that through a buffer overflow in the ISAPI extension, remote users could execute
arbitrary code in the local system context (essentially the equivalent of administrator), giving the
user complete control of the system.

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv6|9.1

Plugin: Windows

Control ID: aa0978d8d247f4100a4fd167ac93598aeccae77f92f6f1d2d7460d4def3148ce