STIGQter: STIG Summary: Exchange 2010 Client Access Server STIG Version: 1 Release: 9 Benchmark Date: 27 Jan 2017:

The Microsoft Exchange POP3 service must be disabled.

DISA Rule

SV-43990r1_rule

Vulnerability Number

V-33570

Group Title

Exch-1-008

Rule Version

Exch-1-008

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Open the Windows Power Shell and enter the following command:

services.msc

Double click the 'Microsoft Exchange POP3' service and select the General tab.

Set the 'Startup Type' to 'Disabled', click ok.

Check Contents

Open the Windows Power Shell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start

If the value of 'Start' is not set to '4', this is a finding.

Vulnerability Number

V-33570

Documentable

False

Rule Version

Exch-1-008

Severity Override Guidance

Open the Windows Power Shell and enter the following command:

Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangePOP3' | Select Start

If the value of 'Start' is not set to '4', this is a finding.

Check Content Reference

M

Target Key

1995

Comments