Title

The File System Object component, if not required, must be disabled. (Cat II impact)

Discussion

Some COM components are not required for most applications and should be removed if possible. Most notably, consider disabling the File System Object component; however, this will also remove the Dictionary object. Be aware some programs may require components that are being disabled, so it is highly recommended this be tested completely before implementing on your production Web servers.

Check Content

Query the SA or Web Manager to determine if the File System Object is required. If it is, the ISSO will need to document this requirement. Check for the existence of the following registry keys. If either of the following keys exists, the FileSystemObject is enabled: HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} HKEY_CLASSES_ROOT\Scripting.FileSystemObject If the File System Object is registered and is not required for operations, this is a finding. NOTE: This vulnerability can be documented locally by the ISSM/ISSO if the site is running an application requiring the registration of this object if the site has operational reasons for the use of this object and if the ISSM/ISSO has approved this change in writing, this should be marked as not a finding.

Fix Text

Unregister the File System Object using the following command: regsvr32 scrrun.dll /u.

Additional Identifiers

Rule ID: SV-38151r2_rule

Vulnerability ID: V-13700

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.