UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Internet Explorer Processes for MK protocol is not enabled. (Explorer)


Overview

Finding ID Version Rule ID IA Controls Severity
V-15550 DTBI600 SV-25648r1_rule ECSC-1 Medium
Description
The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older Web applications use the MK protocol to retrieve information from compressed files. Setting this policy to Enabled blocks the MK protocol for Windows Explorer and Internet Explorer, which causes resources that use the MK protocol to fail. Disabling this setting allows applications to use the MK protocol API. Because the MK protocol is not widely used, it should be blocked wherever it is not needed. This guide recommends you configure this setting to Enabled to block the MK protocol unless it is specifically needed in your environment. Note: Because resources that use the MK protocol will fail when you deploy this setting, you should ensure that none of your applications use the MK protocol.
STIG Date
Internet Explorer 8 STIG 2014-01-08

Details

Check Text ( None )
None
Fix Text (F-23230r1_fix)
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> MK Protocol Security Restriction -> "Internet Explorer Processes" will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Criteria: Set the value explorer.exe to REG_SZ = 1.