|Protection from zone elevation must be enforced.
|Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine...
|File downloads must be configured for proper restrictions.
|Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferences may also allow the download to occur...
|Warning Bar settings for VBA macros must be configured.
|When users open files containing VBA Macros, applications open the files with the macros disabled and displays the Trust Bar with a warning that macros are present and have been disabled. Users...
|ActiveX installs must be configured for proper restrictions.
|Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or...
|The Internet Explorer Bind to Object functionality must be enabled.
|Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the...
|Add-on Management functionality must be allowed.
|Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring...
|The Saved from URL mark must be selected to enforce Internet zone processing.
|Typically, when Internet Explorer loads a web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indicating the page was saved from a site on the...
|Scripted Window Security must be enforced.
|Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not...
|Links that invoke instances of IE from within an Office product must be blocked.
|The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of...
|Disabling of user name and password syntax from being used in URLs must be enforced.
|The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:firstname.lastname@example.org. A malicious user might use this URL syntax to...
|Add-ins to Office applications must be signed by a Trusted Publisher.
|Office 2016 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous...
|Trust Bar Notifications for unsigned applications must be disabled.
|If an application is configured to require all add-ins to be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust...
|Navigation to URLs embedded in Office products must be blocked.
|To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by...