Title

Only allow approved domains to use ActiveX controls without prompt property is properly set (Internet Zone). (Cat II impact)

Discussion

This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> “Only allow approved domains to use ActiveX controls without prompt” will be set to “Enabled” and “Enable”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value 120B is REG_DWORD = 3, this is not a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> “Only allow approved domains to use ActiveX controls without prompt” will be set to “Enabled” and “Enable”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: Set the value 120B to REG_DWORD = 3.

Additional Identifiers

Rule ID:

Vulnerability ID: V-22155

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.