7.8 Set 'MK Protocol Security Restriction' to 'Enabled' - explorer.exe

Information

*Description*

This policy setting reduces attack surface area because it blocks the seldom-used MK
protocol. Some older Web applications use the MK protocol to retrieve information from
Microsoft Help files and compressed files.
Microsoft recommends that you block the MK protocol unless you specifically need it in
your environment. The recommended state for this setting is- Enabled.

*Rationale*

Because the MK protocol is not widely used, it should be blocked wherever it is not needed.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer
Processes

Impact-If you configure this policy setting to Enabled, the MK protocol is blocked for Windows
Explorer and Internet Explorer, which causes resources that use the MK protocol to fail. If
you disable this policy setting, other applications are allowed to use the MK protocol API.
Because resources that use the MK protocol will fail when you deploy this policy setting,
you should ensure that none of your applications use the protocol.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CSCv6|3.1

Plugin: Windows

Control ID: c80cbd19a94f424eec2ebced90fa640a443805828d1405e1eb7946b5534308b6