Check: DTBI485
Microsoft Internet Explorer 10 STIG:
DTBI485
(in versions v1 r16 through v1 r14)
Title
Protected Mode must be enforced (Internet zone). (Cat II impact)
Discussion
Protected mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can write to in the registry and the file system. If you enable this policy setting, Protected Mode will be turned on. Users will not be able to turn off protected mode. If you disable this policy setting, Protected Mode will be turned off. It will revert to Internet Explorer 6 behavior that allows for Internet Explorer to write to the registry and the file system. Users will not be able to turn on protected mode. If you do not configure this policy, users will be able to turn on or off protected mode.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> "Turn on Protected Mode" must be "Enabled", and "Enable" selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value 2500 is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> "Turn on Protected Mode" to "Enabled", and select "Enable" from the drop-down box.
Additional Identifiers
Rule ID: SV-45288r2_rule
Vulnerability ID: V-15527
Group Title: DTBI485 - Protected Mode - Internet
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |