Details

The web server Software, IIS 6, is no longer supported by Microsoft for security updates and is not evaluated or updated for vulnerabilities, leaving it open to potential attack. Organizations must transition to a supported IIS release to ensure continued support.

Solution

Upgrade Microsoft IIS to a supported version.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

• 800-53|SI-2c.
• CAT|I
• Rule-ID|SV-38193r2_rule
• STIG-ID|WG190_IIS6
• Vuln-ID|V-2246

Source

• Tenable.com/audits