Configure the "internet explorer processes (consistent MIME handling)" setting.

Back

CONTROL ID
04348

CONTROL TYPE
Configuration

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Configure Internet Browser security options according to organizational standards., CC ID: 02166

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Secure Multipurpose Internet Mail Extension (S/MIME) versions earlier than version 3.0 should not be used. (§ 3.9.32, Australian Government ICT Security Manual (ACSI 33))
This setting controls how Internet Explorer handles files received through a Web server. The Internet Explorer Processes (Consistent MIME Handling) setting should be Enabled. This will ensure that the MIME type of the file matches the MIME data of the file, thus preventing executable code masqueradi… (Pg 85, Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings)
Title: Set 'Consistent Mime Handling' to 'Enabled' Description: Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files that are received through a Web server. The Consistent MIME Handling setting determines whether Internet Explor… (Rule:xccdf_org.cisecurity.benchmarks_rule_7.6_Set_Consistent_Mime_Handling_to_Enabled Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_7.6.1_, The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0)
Title: Set 'Consistent Mime Handling' to 'Enabled' Description: Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files that are received through a Web server. The Consistent MIME Handling setting determines whether Internet Explor… (Rule:xccdf_org.cisecurity.benchmarks_rule_7.6_Set_Consistent_Mime_Handling_to_Enabled Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_7.6.2_, The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0)
Title: Set 'Consistent Mime Handling' to 'Enabled' Description: Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files that are received through a Web server. The Consistent MIME Handling setting determines whether Internet Explor… (Rule:xccdf_org.cisecurity.benchmarks_rule_7.6_Set_Consistent_Mime_Handling_to_Enabled Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_7.6.3_, The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0)
Title: Set 'Consistent Mime Handling' to 'Enabled' Description: Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files that are received through a Web server. The Consistent MIME Handling setting determines whether Internet Explor… (Rule:xccdf_org.cisecurity.benchmarks_rule_7.6_Set_Consistent_Mime_Handling_to_Enabled Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_7.6.4_, The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0)
The "Internet Explorer Processes (Consistent MIME Handling)" setting should be configured correctly. Technical Mechanisms: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\… (CCE-4047-7, Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214)
The "Consistent Mime Handling: Internet Explorer Processes" machine setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes Par… (CCE-10138-6, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
The "Consistent Mime Handling: Internet Explorer Processes" current user setting should be configured correctly. Technical Mechanisms: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes HKEY_CURRENT… (CCE-15836-0, Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214)
The "Internet Explorer Processes (Consistent MIME Handling)" setting should be configured correctly. (oval:gov.nist.fdcc.ie7:def:884, FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4)
Internet Explorer Processes - Consistent Mime Handling - Local Computer (IEProcesses_ConsistentMimeHandling_LocalComputer, NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. (xccdf_gov.nist_rule_IEProcesses_ConsistentMimeHandling_LocalComputer, oval:gov.nist.USGCB.ie7:def:884, oval:gov.nist.USGCB.ie7:tst:3427, oval:gov.nist.USGCB.ie7:obj:183, oval:gov.nist.USGCB.ie7:ste:3023, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. (xccdf_gov.nist_rule_IEProcesses_ConsistentMimeHandling_LocalComputer, oval:gov.nist.USGCB.ie7:def:884, oval:gov.nist.USGCB.ie7:tst:3565, oval:gov.nist.USGCB.ie7:obj:68, oval:gov.nist.USGCB.ie7:ste:3689, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. (xccdf_gov.nist_rule_IEProcesses_ConsistentMimeHandling_LocalComputer, oval:gov.nist.USGCB.ie7:def:884, oval:gov.nist.USGCB.ie7:tst:3606, oval:gov.nist.USGCB.ie7:obj:102, oval:gov.nist.USGCB.ie7:ste:3851, USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. (xccdf_gov.nist_rule_IEProcesses_ConsistentMimeHandling_LocalComputer, oval:gov.nist.USGCB.ie8:def:31087, oval:gov.nist.USGCB.ie8:tst:31087, oval:gov.nist.USGCB.ie8:obj:31087, oval:gov.nist.USGCB.ie8:ste:31087, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. (xccdf_gov.nist_rule_IEProcesses_ConsistentMimeHandling_LocalComputer, oval:gov.nist.USGCB.ie8:def:31087, oval:gov.nist.USGCB.ie8:tst:31114, oval:gov.nist.USGCB.ie8:obj:31114, oval:gov.nist.USGCB.ie8:ste:31114, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. (xccdf_gov.nist_rule_IEProcesses_ConsistentMimeHandling_LocalComputer, oval:gov.nist.USGCB.ie8:def:31087, oval:gov.nist.USGCB.ie8:tst:31115, oval:gov.nist.USGCB.ie8:obj:31115, oval:gov.nist.USGCB.ie8:ste:31115, USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1)
This setting controls how Internet Explorer handles files received through Web servers. The Internet Explorer Processes (Consistent MIME Handling) setting should be Enabled. This will ensure that the MIME type of a file matches the MIME data of the file, thus preventing executable code masquerading … (Pg 93, NSA Guide to Security Microsoft Windows XP)