Options Method enabled vulnerability detected on NON-IIS Windows 2012r2 server

  • Question

  • My company has a Windows 2012r2 server that does not have IIS installed.  However, in a recent vulnerability scan the Options Method Enabled security vulnerability was detected.  I performed a scan using nmap and discovered the following:

    PORT      STATE    SERVICE
    21/tcp    filtered ftp
    135/tcp   open     msrpc
    139/tcp   open     netbios-ssn
    445/tcp   open     microsoft-ds
    3389/tcp  open     ms-wbt-server
    8080/tcp  open     http-proxy
    | http-methods:
    |   Supported Methods: GET HEAD POST PUT DELETE OPTIONS
    |_  Potentially risky methods: PUT DELETE
    8443/tcp  open     https-alt
    | http-methods:
    |   Supported Methods: GET HEAD POST PUT DELETE OPTIONS
    |_  Potentially risky methods: PUT DELETE
    8800/tcp  open     sunwebadmin
    9091/tcp  open     xmltec-xmlmail
    49152/tcp open     unknown
    49153/tcp open     unknown
    49154/tcp open     unknown
    49155/tcp open     unknown
    49156/tcp open     unknown
    49175/tcp open     unknown

    So, the question is:  Since this server does not have IIS Manager, how do I disable the risky methods?

    Monday, August 19, 2019 2:20 PM

All replies

  • Hello,

    You can open the services.msc in CMD.

    Then, you can disable the particular service listed by the scanning tool, which may be vulnerable.

    Best regards,

    Andy Liu



    Tuesday, August 20, 2019 3:55 AM
    Moderator
  • How do I determine what service to disable with only PUT and DELETE methods above listed as risky?  How do I associate the Risky Methods to a service?
    Tuesday, August 20, 2019 12:24 PM
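
One way to tie the flagged ports back to a process and service, as an added example that is not part of the original thread: the nmap output attaches the `http-methods` findings to 8080/tcp and 8443/tcp, so the script below looks up which process owns each of those listeners and which Windows services run inside it. It assumes an elevated PowerShell session on the scanned server itself.

```powershell
# Ports that nmap's http-methods script flagged in the scan above.
$ports = 8080, 8443

foreach ($port in $ports) {
    # Listening sockets only; one port can be bound on several local addresses.
    $listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Output "Port ${port}: nothing listening locally"
        continue
    }

    foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"

        # A process may host zero, one or several Windows services.
        $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $procId")

        [pscustomobject]@{
            Port        = $port
            PID         = $procId
            Process     = $proc.Name
            Executable  = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            Services    = ($services.Name -join ', ')
        }

        if ($procId -eq 4) {
            # PID 4 is the System process: the port is bound through the
            # kernel HTTP driver (HTTP.sys). The request queue listing shows
            # which user-mode process registered the URL.
            netsh http show servicestate view=requestq
        }
    }
}
```

The `Executable` and `Services` columns identify the application answering on each port; the allowed HTTP methods are then restricted in that application's own web server configuration, since IIS Manager is not involved here.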