STIGQter: STIG Summary: Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Exchange Post Office Protocol 3 (POP3) service must be disabled.

DISA Rule

SV-228372r612748_rule

Vulnerability Number

V-228372

Group Title

SRG-APP-000141

Rule Version

EX16-MB-000190

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Open the Windows Power Shell and enter the following command:

services.msc

Navigate to and double-click on "Microsoft Exchange POP3 Backend".

Click on the "General" tab.

In the "Startup Type" dropdown, select "Disabled".

Click the "OK" button.

Check Contents

Open the Windows Power Shell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start

Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in single quotes.

If the value of "Start" is not set to "4", this is a finding.

Vulnerability Number

V-228372

Documentable

False

Rule Version

EX16-MB-000190

Severity Override Guidance

Open the Windows Power Shell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start

Note: The hklm:\system\currentcontrolset\services\MSExchangePOP3 value must be in single quotes.

If the value of "Start" is not set to "4", this is a finding.

Check Content Reference

M

Target Key

4223

Comments