Title

Internet Explorer must be disabled for Windows 10. (Cat II impact)

Discussion

Internet Explorer 11 (IE11) is no longer supported on Windows 10 semi-annual channel.

Check Content

Determine if IE11 is installed or enabled on Windows 10 semi-annual channel. If IE11 is installed or not disabled on Windows 10 semi-annual channel, this is a finding. If IE11 is installed on a unsupported operating system and is enabled or installed, this is a finding. For more information, visit: https://learn.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge#what-is-the-lifecycle-policy-for-internet-explorer-

Fix Text

For Windows 10 semi-annual channel, remove or disable the IE11 application. To disable IE11 as a standalone browser: Set the policy value for "Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Disable Internet Explorer 11 as a standalone browser" to "Enabled" with the option value set to "Never".

Additional Identifiers

Rule ID: SV-256894r891287_rule

Vulnerability ID: V-256894

Group Title: SRG-OS-000185-GPOS-00079

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.