Check: DTBI318
Microsoft IE Version 7:
DTBI318
(in version v4 r20)
Title
Internet Explorer is configured to Allow Users to Add/Delete Sites. (Cat II impact)
Discussion
This setting prevents users from adding sites to various security zones. Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the system.
Check Content
If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ Value Name: Security_Zones_Map_Edit Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer “Security Zones: Do Not Allow Users to Add/Delete Sites” to “Enabled”.
Additional Identifiers
Rule ID: SV-28780r1_rule
Vulnerability ID: V-3429
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |