Title

The IE home page is not set to blank or a trusted site. (Cat II impact)

Discussion

By setting this parameter appropriately, a malicious web site will not be automatically loaded into a browser which may contain mobile code.

Check Content

The policy for User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer "Disable changing home page settings" must be "Enable" and specify the URL for the home page. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Microsoft\Internet Explorer\Main Criteria: If the value Start Page is about:blank or a trusted site this is not a finding.

Fix Text

Set the policy for User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer "Disable changing home page settings" to "Enable" and specify the URL for the home page.

Additional Identifiers

Rule ID: SV-72161r2_rule

Vulnerability ID: V-6228

Group Title: DTBI001 - The IE home page is not set correctly

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.