Title

Enabling outdated ActiveX controls for Internet Explorer must be blocked. (Cat II impact)

Discussion

This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very important to keep ActiveX controls up to date because malicious or compromised webpages can target security flaws in out-of-date ActiveX controls.

Check Content

In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, verify "Turn off blocking of outdated ActiveX controls for Internet Explorer" is set to “Disabled”. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext If the value "VersionCheckEnabled" is REG_DWORD = 1, this is not a finding.

Fix Text

In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, set "Turn off blocking of outdated ActiveX controls for Internet Explorer" to "Disabled".

Additional Identifiers

Rule ID: SV-223049r879587_rule

Vulnerability ID: V-223049

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.