Software must be disallowed to run or install with invalid signatures. This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on. The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on. Users could submit credentials to servers operated by malicious individuals who could then attempt to connect to legitimate servers with those captured credentials. Logon options must be configured and enforced (Restricted Sites zone). Some older web applications use the MK protocol to retrieve information. The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Internet Explorer Processes for MK protocol must be enforced (iexplore). Users should not be able to add sites to different zones, as this could allow them to bypass security controls of the. This setting prevents users from adding sites to various security zones. Internet Explorer must be set to disallow users to add/delete sites. ![]() Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. Internet Explorer must be configured to disallow users to change policies. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Security flaws with software applications are discovered daily. The version of Internet Explorer running on the system must be a supported version. ![]() Findings (MAC III - Administrative Sensitive) Finding ID
0 Comments
Leave a Reply. |