UCF STIG Viewer Logo

VBScript must not be allowed to run in Internet Explorer (Internet zone).


Overview

Finding ID Version Rule ID IA Controls Severity
V-75169 DTBI1125-IE11 SV-89849r1_rule Medium
Description
This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without user intervention. By selecting "Prompt" in the drop-down box, users are asked to choose whether to allow VBScript to run. By selecting "Disable" in the drop-down box, VBScript is prevented from running. If this policy setting is not configured or disabled, VBScript will run without user intervention.
STIG Date
Microsoft Internet Explorer 11 Security Technical Implementation Guide 2018-06-08

Details

Check Text ( C-74961r2_chk )
The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> "Allow VBScript to run in Internet Explorer" must be "Enabled", and "Disable" must be selected from the drop-down box.

Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

If the value for "140C" is not REG_DWORD = 3, this is a finding.

Note: This policy setting will only exist on Windows 10 Redstone 2 or later, and is otherwise not applicable.
Fix Text (F-81781r1_fix)
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Internet Control Panel >> Security Page >> Internet Zone >> "Allow VBScript to run in Internet Explorer" to "Enabled" and select "Disable" from the drop-down box.