| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-228391 | CAT II | MONT-MB-002 | Microsoft Exchange 2016 Mailbox Server S... | Exchange Internal Receive connectors must not allo... | - | |||
Check TextNOTE: In some instances, AnonymousUsers may be necessary for organization-specific operations. In such cases, allowing AnonymousUsers must be paired with restricting to specific lists of servers allowed to access. In addition, the risk must be documented and accepted by the ISSO, ISSM, or AO. Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, PermissionGroups For each Receive connector, if the value of "PermissionGroups" is "AnonymousUsers" for any receive connector, this is a finding. Fix TextOpen the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -PermissionGroups and enter a valid value user group. Note: The <IdentityName> value must be in single quotes. Example: Set-ReceiveConnector -Identity <'IdentityName'> -PermissionGroups ExchangeUsers Repeat the procedures for each Receive connector. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 89AEDB6D61782F30776435FEE7E9E99978D0AF04 ~~~~~ Default MONT-MB-002 PermissionGroups: ExchangeLegacyServers Client Proxy MONT-MB-002 PermissionGroups: ExchangeServers Default Frontend MONT-MB-002 PermissionGroups: AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers [Found AnonymousUsers] Outbound Proxy Frontend MONT-MB-002 PermissionGroups: ExchangeServers Client Frontend MONT-MB-002 PermissionGroups: ExchangeUsers
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl
Scan Date: 2026-01-14T12:57:33.455034
Technology Area: Exchange Server
|
||||||||