Check: DTBI061
Microsoft IE Version 7:
DTBI061
(in version v4 r20)
Title
Java permissions for local intranet zone are not disabled. (Cat II impact)
Discussion
Java must have level of protection based upon the site being browsed.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Intranet Zone -> "Java permissions" will be set to “Enabled” and "High Safety" selected from down drop box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Criteria: If the value 1C00 is REG_DWORD = 65536, (Decimal), this is not a finding.
Fix Text
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Intranet Zone -> "Java permissions" will be set to “Enabled” and "High Safety" selected from down drop box. Procedure: Use the Windows Registry Editor to navigate to the following keys: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Criteria: Set the value 1C00 to REG_DWORD = 65536, (Decimal).
Additional Identifiers
Rule ID: SV-16445r1_rule
Vulnerability ID: V-6267
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |