Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15564 | DTBI680 | SV-45435r1_rule | Medium |
Description |
---|
Although Microsoft thoroughly tests all patches and service packs before they are published, organizations should carefully control all of the software that is installed on their managed computers. This setting specifies the update check interval, automatic installation, and the default interval value, which is 30 days. If you enable this policy setting, the user will not be able to configure the update check interval, and computers will not automatically download and install updates for Internet Explorer. The update check interval must be specified. If you disable or do not configure this policy setting, the user will have the freedom to configure the update check interval. |
STIG | Date |
---|---|
Microsoft Internet Explorer 10 Security Technical Implementation Guide | 2016-06-24 |
Check Text ( C-42784r1_chk ) |
---|
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Prevent specifying the update check interval (in days)" must be "Enabled", and "30" selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main Criteria: If the value Update_Check_Interval is REG_DWORD = 30 (Decimal), this is not a finding. |
Fix Text (F-38832r1_fix) |
---|
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Prevent specifying the update check interval (in days)" to "Enabled", and select "30" from the drop-down box. |