Title

The Font download control is not set properly for the Restricted Sites Zone. (Cat II impact)

Discussion

Download of fonts can sometimes contain malicious code. Files should not be downloaded from restricted sites.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> “Allow font downloads” will be set to “Enabled” and “Disable”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value 1604 is REG_DWORD = 3 (Disabled = 3), this is not a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> “Allow font downloads” will be set to “Enabled” and “Disable”. Change the registry key HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: Set the value 1604 to REG_DWORD = 3 (Disabled = 3).

Additional Identifiers

Rule ID:

Vulnerability ID: V-6295

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.