STIGQter: STIG Summary: Microsoft Exchange 2013 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Exchange POP3 service must be disabled.

DISA Rule

SV-207285r615936_rule

Vulnerability Number

V-207285

Group Title

SRG-APP-000141

Rule Version

EX13-MB-000095

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Open the Windows Power Shell and enter the following command:

services.msc

Navigate to and double-click on Microsoft Exchange POP3 Backend.

Click on the "General" tab.

In the Startup Type: dropdown, select Disabled.

Click the OK button.

Check Contents

Open the Windows Power Shell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3be' | Select Start

Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in quotes.

If the value of Start is not set to 4, this is a finding.

Vulnerability Number

V-207285

Documentable

False

Rule Version

EX13-MB-000095

Severity Override Guidance

Open the Windows Power Shell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3be' | Select Start

Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in quotes.

If the value of Start is not set to 4, this is a finding.

Check Content Reference

M

Target Key

2923

Comments