UCF STIG Viewer Logo

All IIS 8.5 web server sample code, example applications, and tutorials must be removed from a production IIS 8.5 server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214410 IISW-SV-000120 SV-214410r879587_rule High
Description
Web server documentation, sample code, example applications, and tutorials may be an exploitable threat to a web server. A production web server may only contain components that are operationally necessary (i.e., compiled code, scripts, web content, etc.). Delete all directories containing samples and any scripts used to execute the samples.
STIG Date
Microsoft IIS 8.5 Server Security Technical Implementation Guide 2022-12-09

Details

Check Text ( C-15620r310278_chk )
Navigate to the following folders:

inetpub\
Program Files\Common Files\System\msadc
Program Files (x86)\Common Files\System\msadc

If the folder or sub-folders contain any executable sample code, example applications, or tutorials which are not explicitly used by a production website, this is a finding.
Fix Text (F-15618r310279_fix)
Remove any executable sample code, example applications, or tutorials which are not explicitly used by a production website.