EX16-MB-000180 - The Exchange Internet Message Access Protocol 4 (IMAP4) service must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

IMAP4 is not approved for use within the DoD. It uses a clear-text-based user name and password and does not support the DoD standard for PKI for email access. User name and password could easily be captured from the network, allowing a malicious user to access other system features. Uninstalling or disabling the service will prevent the use of the IMAP4 protocol.

Solution

Open the Windows Power Shell and enter the following command:

services.msc

Navigate to and double-click on 'Microsoft Exchange IMAP4 Backend'.

Click on the 'General' tab.

In the 'Startup Type' dropdown, select 'Disabled'.

Click the 'OK' button.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Exchange_2016_Y22M07_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-228371r612748_rule, STIG-ID|EX16-MB-000180, STIG-Legacy|SV-95367, STIG-Legacy|V-80657, Vuln-ID|V-228371

Plugin: Windows

Control ID: f4e1375f3f496c6fbdf675b6c7f73b9f283f6b44a20b79dd9809dc124ca3f84e