UCF STIG Viewer Logo

Microsoft Internet Explorer 10 Security Technical Implementation Guide


Overview

Date Finding Count (141)
2017-04-28 CAT I (High): 1 CAT II (Med): 138 CAT III (Low): 2
STIG Description
The Microsoft Internet Explorer 10 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil

Available Profiles



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-64727 High The installed version of IE must be a supported version.
V-15500 Medium Third-party browser extensions must be disallowed.
V-15503 Medium Checking for signatures on downloaded programs must be enforced.
V-15502 Medium Checking for server certificate revocation must be enforced.
V-15504 Medium All network paths (UNCs) for Intranet sites must be disallowed.
V-15507 Medium Script-initiated windows without size or position constraints must be disallowed (Internet zone).
V-15509 Medium Scriptlets must be disallowed (Internet zone).
V-6262 Medium Logon options must be configured to prompt (Internet zone).
V-6260 Medium Clipboard operations via script must be disallowed (Internet zone).
V-6267 Medium Java permissions must be configured with High Safety (Intranet zone).
V-22171 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved).
V-15508 Medium Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone).
V-15518 Medium Java permissions must be disallowed (Locked Down Trusted Sites zone).
V-15519 Medium Java permissions must be disallowed (Locked Down Internet zone).
V-15516 Medium Java permissions must be disallowed (Locked Down Local Machine zone).
V-15517 Medium Java permissions must be disallowed (Locked Down Intranet zone).
V-15515 Medium Java permissions must be disallowed (Local Machine zone).
V-15513 Medium Automatic prompting for file downloads must be disallowed (Internet zone).
V-22108 Medium Managing SmartScreen Filter use must be enforced.
V-34489 Medium Legacy filter functionality must be disallowed (Internet zone).
V-6297 Medium Accessing data sources across domains must be disallowed (Restricted Sites zone).
V-6294 Medium File downloads must be disallowed (Restricted Sites zone).
V-6295 Medium Font downloads must be disallowed (Restricted Sites zone).
V-6292 Medium ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
V-6293 Medium ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
V-6290 Medium The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
V-6291 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
V-6298 Medium The Allow META REFRESH property must be disallowed (Restricted Sites zone).
V-6301 Medium Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
V-15569 Medium Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
V-15568 Medium Internet Explorer Processes for MK protocol must be enforced (Reserved).
V-6302 Medium Installation of desktop items must be disallowed (Restricted Sites zone).
V-15563 Medium The URL to be displayed for checking updates to Internet Explorer and Internet Tools must be a blank page.
V-15562 Medium Scripting of Java applets must be disallowed (Restricted Sites zone).
V-15561 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-22636 Medium .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet zone).
V-15566 Medium Internet Explorer Processes for MIME handling must be enforced (IExplore).
V-15565 Medium Internet Explorer Processes for MIME handling must be enforced (Explorer).
V-15564 Medium The update check interval must be configured and set to 30 days.
V-34490 Medium Legacy filter functionality must be disallowed (Restricted Sites zone).
V-6281 Medium Java permissions must be configured with High Safety (Trusted Sites zone).
V-6289 Medium The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
V-15579 Medium Crash Detection management must be enforced.
V-22688 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (IExplore).
V-15570 Medium Internet Explorer Processes for Zone Elevation must be enforced (IExplore).
V-15571 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Explorer).
V-15572 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (IExplore).
V-22687 Medium Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer).
V-6239 Medium The Internet Explorer warning about certificate address mismatch must be enforced.
V-34414 Medium Do Not Track header must be sent.
V-6243 Medium The Download signed ActiveX controls property must be disallowed (Internet zone).
V-6304 Medium Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
V-6307 Medium Rule Title: Userdata persistence must be disallowed (Restricted Sites zone).
V-22635 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet zone).
V-22634 Medium Status bar updates via script must be disallowed (Internet zone).
V-22637 Medium Scriptlets must be disallowed (Restricted Sites zone).
V-6303 Medium Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
V-22638 Medium Status bar updates via script must be disallowed (Restricted Sites zone).
V-6308 Medium Active scripting must be disallowed (Restricted Sites Zone).
V-6309 Medium Clipboard operations via script must be disallowed (Restricted Sites zone).
V-6244 Medium The Download unsigned ActiveX controls property must be disallowed (Internet zone).
V-34461 Medium Enhanced protected mode functionality must be enforced.
V-34460 Medium Dragging of content from different domains within a window must be disallowed (Restricted Sites zone).
V-3428 Medium Internet Explorer must be configured to disallow users to change policies.
V-3429 Medium Internet Explorer must be set to disallow users to add/delete sites.
V-3427 Medium Internet Explorer must be configured to use machine settings.
V-15604 Medium Internet Explorer Processes for MIME sniffing must be enforced (IExplore).
V-6253 Medium Functionality to drag and drop or copy and paste files must be disallowed (Internet zone).
V-6250 Medium Accessing data sources across domains must be disallowed (Internet zone).
V-15560 Medium .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Restricted Sites Zone).
V-6256 Medium Navigating windows and frames across different domains must be disallowed (Internet zone).
V-6255 Medium Launching programs and files in IFRAME must be disallowed (Internet zone).
V-6259 Medium Userdata persistence must be disallowed (Internet zone).
V-7007 Medium Java permissions must be disallowed (Restricted Sites zone).
V-6311 Medium Logon options must be configured and enforced (Restricted Sites zone).
V-15603 Medium Internet Explorer Processes for MIME sniffing must be enforced (Explorer).
V-22149 Medium Deleting websites that the user has visited must be disallowed.
V-22148 Medium Browser must retain history on exit.
V-15545 Medium Allow binary and script behaviors must be disallowed (Restricted Sites zone).
V-15546 Medium Automatic prompting for file downloads must be disallowed (Restricted Sites zone).
V-34474 Medium Internet Explorer accelerator functionality must be disallowed.
V-6245 Medium The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).
V-15549 Medium Internet Explorer Processes for MIME sniffing must be enforced (Reserved).
V-15548 Medium Internet Explorer Processes for MIME handling is not enabled. (Reserved)
V-15527 Medium Protected Mode must be enforced (Internet zone).
V-15526 Medium First-Run prompt ability must be disallowed (Restricted Sites zone).
V-15525 Medium First-Run prompt ability must be disallowed (Internet zone).
V-15524 Medium MIME sniffing must be disallowed (Restricted Sites zone).
V-15523 Medium MIME sniffing must be disallowed (Internet zone).
V-15522 Medium XAML files must be disallowed (Restricted Sites zone).
V-15521 Medium XAML files must be disallowed (Internet zone).
V-15520 Medium Java permissions must be disallowed (Locked Down Restricted Sites zone).
V-6249 Medium The Java permissions must be disallowed (Internet zone).
V-6248 Medium Font downloads must be disallowed (Internet zone).
V-15529 Medium Pop-up Blocker must be enforced (Internet zone).
V-15528 Medium Protected Mode must be enforced (Restricted Sites zone).
V-22154 Medium Security Warning for unsafe files must be set to prompt (Internet zone).
V-22155 Medium ActiveX controls without prompt property must be used in approved domains only (Internet zone).
V-22156 Medium Cross-Site Scripting (XSS) Filter must be enforced (Internet zone).
V-22157 Medium Scripting of Internet Explorer WebBrowser control must be disallowed (Restricted Sites zone).
V-22150 Medium InPrivate Browsing must be disallowed.
V-22152 Medium Scripting of Internet Explorer WebBrowser control property must be disallowed (Internet zone).
V-22153 Medium When uploading files to a server, the local directory path must be excluded (Internet zone).
V-34610 Medium When enhanced protected mode is enabled, ActiveX controls must be disallowed to run in protected mode.
V-34590 Medium URL Suggestions must be disallowed.
V-22158 Medium When uploading files to a server, the local directory path must be excluded (Restricted Sites zone).
V-22159 Medium Security Warning for unsafe files must be disallowed (Restricted Sites zone).
V-15492 Medium Participation in the Customer Experience Improvement Program must be disallowed.
V-15490 Medium Automatic configuration of Internet Explorer connections must be disallowed.
V-15497 Medium Active content from CDs must be disallowed to run on user machines.
V-15494 Medium Security checking features must be enforced.
V-15499 Medium Software must be disallowed to run or install with invalid signatures.
V-15552 Medium Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
V-15550 Medium Internet Explorer Processes for MK protocol must be enforced (Explorer).
V-15551 Medium Internet Explorer Processes for MK protocol must be enforced (IExplore).
V-15556 Medium Internet Explorer Processes for Restrict File Download must be enforced (Reserved).
V-15557 Medium Internet Explorer Processes for Restrict File Download must be enforced (Explorer).
V-15558 Medium Internet Explorer Processes for Restrict File Download must be enforced (IExplore).
V-15559 Medium Internet Explorer Processes for restricting pop-up windows must be enforced (Reserved).
V-30780 Medium Internet Explorer Processes for Notification Bars must be enforced (Explorer).
V-30781 Medium Internet Explorer Processes for Notification Bars must be enforced (IExplore).
V-15534 Medium Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone.
V-15530 Medium Pop-up Blocker must be enforced (Restricted Sites zone).
V-15533 Medium Websites in less privileged web content zones must be prevented from navigating into the Internet zone.
V-34425 Medium Ability to install new versions of Internet Explorer automatically must be disallowed.
V-22161 Medium Cross-Site Scripting (XSS) Filter property must be enforced (Restricted Sites zone).
V-22160 Medium ActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).
V-30777 Medium Automatic checking for Internet Explorer updates must be disallowed.
V-30776 Medium Suggested Sites functionality must be disallowed.
V-30775 Medium Browser Geolocation functionality must be disallowed.
V-30774 Medium Add-on performance notifications must be disallowed.
V-30779 Medium Internet Explorer Processes for Notification Bars must be enforced (Reserved).
V-30778 Medium ActiveX opt-in prompt must be disallowed.
V-17296 Medium First Run Wizard settings must be established for a home page.
V-34458 Medium Dragging of content from different domains across windows must be disallowed (Restricted Sites zone).
V-34459 Medium Dragging of content from different domains within a window must be disallowed (Internet zone).
V-21887 Medium Configuring History setting must be set to 40 days.
V-34456 Medium Displaying of the reveal password button must be disallowed.
V-34457 Medium Dragging of content from different domains across windows must be disallowed (Internet zone).
V-3430 Low Internet Explorer must be configured to make proxy settings per user.
V-22147 Low Updates to website lists from Microsoft must be disallowed.