Abstract: Per default a IIS Server (Version 8.5 on Windows 2012 R2) running components from Microsoft Skype for Business advertise an “X-AspNet-Version: 2.0.50727” in the http server response. This could be used by an “hacker” to find possible vulnerable server, so it might be a good idea to hide that information.
Such an http header can be seen with Fiddler:
To prevent that the advertising from the X-AspNet-Version is added to the http header it can be removed via the following steps:
1.) Open the IIS Manager (on the affected Windows 2012 R2 OS)
2.) Select the server
3.) open the “Configuration Editor”
4.) change to “system.web/httpRuntime”
5.) change the “enableVersionHeader” from “True” to “False”
6.) save the configuration
You do not need to restart the Windows OS for this. Once saved it will be active!
Â