UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).


Overview

Finding ID Version Rule ID IA Controls Severity
V-15559 DTBI645 SV-45241r1_rule ECSC-1 Medium
Description
Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable websites will resize windows to either hide other windows or force the user to interact with a window containing malicious code. The Scripted Window Security Restrictions security feature restricts pop-up windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user, or which hide other windows' title and status bars. If you enable the Scripted Window Security Restrictions\Internet Explorer Processes policy setting, pop-up windows and other restrictions apply for Windows Explorer and Internet Explorer processes. If you disable or do not configure this policy setting, scripts can continue to create pop-up windows, and windows that hide other windows. Recommend configuring this setting to Enabled to help prevent malicious websites from controlling the Internet Explorer windows or fooling users into clicking on the wrong window.
STIG Date
Microsoft Internet Explorer 10 Security Technical Implementation Guide 2014-09-30

Details

Check Text ( None )
None
Fix Text (F-38637r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Scripted Window Security Restrictions -> "Internet Explorer Processes" to "Enabled".