web.config accessible to the public (Windows Vulnerability Detected)

Issue

I got a notice that there is a Windows vulnerability with my application hosted on Acquia Cloud due to a publicly available web.config file.

Resolution

Update your .htaccess to a more recent version. You can see more information relevant to this on Drupal.org: https://www.drupal.org/project/drupal/issues/2974213

Cause

The reason that this becomes an issue is due to most likely an outdated .htaccess file. Please note that Acquia Cloud does not use Windows services so these warnings made known by security scans/teams are application level that developers can resolve.