Title

Updates to web site lists from Microsoft must be disallowed. (Cat III impact)

Discussion

This policy controls the web site compatibility lists provided by Microsoft. If you enable this policy setting, the compatibility web site lists provided by Microsoft will be used during browser navigation. If a user visits a site on the compatibility list provided by Microsoft, the page will automatically display in Compatibility view. If you disable this policy setting, the Microsoft web site list will not be used. Additionally, users can not enable the feature using the Compatibility View Settings dialog box. If you do not configure this setting, the Microsoft web site list will not be active. The user can enable the functionality using the Compatibility View Settings dialog box.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View -> “Include updated Web site lists from Microsoft” must be “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Criteria: If the value MSCompatibilityMode is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View -> “Include updated Web site lists from Microsoft” to “Disabled”.

Additional Identifiers

Rule ID: SV-40706r1_rule

Vulnerability ID: V-22147

Group Title: DTBI750 - Microsoft web site list updates

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.