Check: DTBI1130-IE11
Microsoft Internet Explorer 11 STIG:
DTBI1130-IE11
(in versions v2 r5 through v2 r3)
Title
VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone). (Cat II impact)
Discussion
This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without user intervention. By selecting "Prompt" in the drop-down box, users are asked to choose whether to allow VBScript to run. By selecting "Disable" in the drop-down box, VBScript is prevented from running. If this policy setting is not configured or disabled, VBScript will run without user intervention.
Check Content
The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> "Allow VBScript to run in Internet Explorer" must be "Enabled", and "Disable" must be selected from the drop-down box. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 If the value for "140C" is not REG_DWORD = 3, this is a finding.
Fix Text
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Restricted Sites Zone >> "Allow VBScript to run in Internet Explorer" to "Enabled" and select "Disable" from the drop-down box.
Additional Identifiers
Rule ID: SV-223055r879629_rule
Vulnerability ID: V-223055
Group Title: SRG-APP-000209
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001169 |
The information system prevents the download of organization-defined unacceptable mobile code. |
Controls
Number | Title |
---|---|
SC-18 (3) |
Prevent Downloading / Execution |