7.6 Set 'Consistent Mime Handling' to 'Enabled'

Information



Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine
file handling procedures for files that are received through a Web server. The Consistent
MIME Handling setting determines whether Internet Explorer requires that all file type
information that is provided by Web servers be consistent. For example, if the MIME type
of a file is text/plain but the MIME data indicates that the file is really an executable file,
Internet Explorer changes its extension to reflect this executable status. This capability
helps ensure that executable code cannot masquerade as other types of data that may be
trusted. The recommended state for this setting is: Enabled.
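The consistency check described above can be sketched as follows. This is an added example, not code from the benchmark and not Internet Explorer's actual algorithm; the signature table, MIME labels and function names are assumptions chosen for illustration.

```python
from typing import Optional

# Constructed signature table (leading bytes -> MIME type); labels are illustrative.
SIGNATURES = [
    (b"MZ", "application/x-msdownload"),       # Windows PE executable
    (b"\x7fELF", "application/x-executable"),   # ELF executable
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),
]
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-executable"}

def sniff(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def normalize(content_type: str) -> str:
    """Strip parameters such as '; charset=utf-8' and lowercase the type."""
    return content_type.split(";", 1)[0].strip().lower()

def check_consistency(content_type: str, data: bytes) -> dict:
    """Compare the declared type with the sniffed one and flag disguised executables."""
    declared = normalize(content_type)
    sniffed = sniff(data)
    # Unknown content cannot contradict the header, so it counts as consistent.
    consistent = sniffed is None or sniffed == declared
    return {
        "declared": declared,
        "sniffed": sniffed,
        "consistent": consistent,
        # When the two disagree, handle the file as what its content says it is.
        "effective": declared if consistent else sniffed,
        "masquerading_executable": (not consistent) and sniffed in EXECUTABLE_TYPES,
    }

if __name__ == "__main__":
    # Constructed samples: (declared Content-Type, first bytes of the body).
    for ctype, body in [
        ("text/plain; charset=utf-8", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("image/png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ]:
        print(check_consistency(ctype, body))
```

A production sniffer inspects more than the leading bytes; the table here only covers enough types to show the text/plain versus executable case from the paragraph above.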

Rationale

MIME file type spoofing is a potential threat to your organization. You should ensure that
these files are consistent and properly labeled to help prevent malicious file downloads
that may infect your network.

Note: This policy setting works in conjunction with, but does not replace, the MIME Sniffing
Safety Features settings.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes

Impact: If you enable this policy setting, Internet Explorer examines all received files and enforces
consistent MIME data for them. If you disable or do not configure this policy setting,
Internet Explorer does not require consistent MIME data for all received files and will use
the MIME data that is provided by the file.

Default Value: Enabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(1), CSCv6|3.1

Plugin: Windows

Control ID: 0cbbec8b1af48d0ea31009a9a969712f96e11a718a57d6973acc97dfc47df3ec