Security scan has reported the following on one of our sites hosted in IIS 8.5 Server 2012 R2.
The scanner enumerated the ISAPI filters mapped to the target Microsoft Internet Information Services (IIS) Web server's home directory "/". These are listed in the Result section below.
Most of the ISAPI filters come by default with IIS, and typically most of them are never used in Web applications. Further, there have been quite a few buffer overflow based remote code execution or denial of service attacks reported for many of these ISAPI filters.
Disable the ISAPI filters not being used on the target. This can be done using the "Internet Information Services" MMC snap-in's "Home Directory" section (under "Configuration").
I done some searching but not coming up with much on this topic for "Microsoft IIS ISAPI Application Filters Mapped To Home Directory" Any idea on how to remediate this? The instructions above is for IIS6.