Policy must require that no web browser be run by an administrative user account, except as necessary for local service administration.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
WN08-00-000015	WN08-00-000015	WN08-00-000015_rule		High

Description
If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. Since administrative user accounts may generally change or work around technical restrictions for running the web browser, it is essential that policy requires web browsers not run by administrative users. The policy should define specific exceptions for local service administration. These exceptions may include HTTP(S)-based tools that are used for the administration of the local system, services, or attached devices.

Description

If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. Since administrative user accounts may generally change or work around technical restrictions for running the web browser, it is essential that policy requires web browsers not run by administrative users. The policy should define specific exceptions for local service administration. These exceptions may include HTTP(S)-based tools that are used for the administration of the local system, services, or attached devices.

STIG	Date
Windows 8 Security Technical Implementation Guide	2012-11-21

Details

Check Text ( C-WN08-00-000015_chk )
Determine if site policy prohibits the use of a web browser by an administrative user account, except as necessary for local service administration. If it does not, this is a finding.

Fix Text (F-WN08-00-000015_fix)
Establish site policy to prohibit the use of web browsers by administrative user accounts.