UCF STIG Viewer Logo

The update check interval must be configured and set to 30 days.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15564 DTBI680 SV-40681r1_rule ECSC-1 Medium
Description
Although Microsoft thoroughly tests all patches and service packs before they are published, organizations should carefully control all of the software that is installed on their managed computers. This setting specifies the update check interval, automatic installation and the default interval value, which is 30 days. If you enable this policy setting, the user will not be able to configure the update check interval, and computers will not automatically download and install updates for Internet Explorer. The update check interval must be specified. If you disable or do not configure this policy setting, the user will have the freedom to configure the update check interval.
STIG Date
Microsoft Internet Explorer 9 Security Technical Implementation Guide 2015-12-17

Details

Check Text ( C-39411r2_chk )
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Turn off configuring the update check interval (in days)" must be “Enabled” and "30" selected from the drop-down box.

Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\Internet Explorer\Main

Criteria: If the value Update_Check_Interval is REG_DWORD = 30 (Decimal), this is not a finding.
Fix Text (F-34535r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Settings -> Component Updates -> Periodic check for updates to Internet Explorer and Internet Tools -> "Turn off configuring the update check interval (in days)" to “Enabled” and select "30" from the drop-down box.