8.3.14 Set 'XAML Files' to 'Enabled:Disable'

Information



This policy setting allows you to manage the loading of Extensible Application Markup
Language (XAML) files. XAML is an XML-based declarative markup language commonly
used for creating rich user interfaces and graphics that take advantage of the Windows
Presentation Foundation. If you enable this policy setting and set the drop-down box to
Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot
change this behavior. If you set the drop-down box to Prompt, the user is prompted for
loading XAML files. If you disable this policy setting, XAML files are not loaded inside
Internet Explorer. The user cannot change this behavior. If you do not configure this policy
setting, the user can decide whether to load XAML files inside Internet Explorer. The
recommended state for this setting is- Enabled-Disable.

*Rationale*

Enabling loading of XAML files is a risky configuration due to the broad attack surface
exposed by the feature.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.


Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow loading of
XAML filesThen set the XAML Files option to Disable.

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3), CSCv6|3.1

Plugin: Windows

Control ID: 259531f39746dcb61299e5d1825e44a2e9c6661e8fb8515f4ab8ca88d43dc0a3