8.1.20 Set 'Enable MIME Sniffing' to 'Enabled:Enable'

Information



This policy setting allows you to manage MIME sniffing for file promotion from one type to
another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety
Feature will not apply in this zone. The security zone will run without the added layer of
security provided by this feature. If you disable this policy setting, the actions that may be
harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the MIME Sniffing Safety Feature will not apply in this zone. The recommended
state for this setting is: Enabled: Enable.

Rationale

The MIME Sniffing Safety Feature improves security in some scenarios by providing an
added layer of defense against potentially malicious files. The feature also helps with
compatibility issues caused by web servers that specify incorrect MIME types. Under
certain circumstances it can actually increase the risk of compromise because Internet
Explorer may detect a script embedded within content that has a non-script MIME type
declared and execute the script.
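
As an added illustration of the mismatch described in the Rationale (not part of the CIS benchmark, and not Internet Explorer's own logic), the following Python check compares a declared Content-Type with what the leading bytes of a body imply, and flags bodies that a content sniffer could promote to HTML. The 256-byte window, the marker list, the function names and the sample bodies are assumptions made for this example.

```python
import re

SNIFF_WINDOW = 256  # assumption: only the leading bytes of the body are inspected
# Assumption: illustrative markers, not Internet Explorer's actual signature table.
HTML_MARKERS = re.compile(rb"<\s*(?:html|head|body|script|iframe|img|title|table)\b", re.I)
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}
SCRIPT_CAPABLE = {"text/html", "application/xhtml+xml", "image/svg+xml"}


def sniffed_type(body: bytes):
    """Type implied by the leading bytes alone, or None if nothing is recognised."""
    head = body[:SNIFF_WINDOW]
    # Conservative ordering: markup anywhere in the window wins over a magic number.
    if HTML_MARKERS.search(head):
        return "text/html"
    for magic, mime in MAGIC.items():
        if head.startswith(magic):
            return mime
    return None


def classify(declared: str, body: bytes) -> str:
    """Compare a declared Content-Type with what a content sniffer could infer."""
    declared = declared.split(";", 1)[0].strip().lower()
    sniffed = sniffed_type(body)
    if sniffed is None or sniffed == declared:
        return "ok"
    if sniffed == "text/html" and declared not in SCRIPT_CAPABLE:
        return "script-promotion"  # the case the Rationale warns about
    return "type-mismatch"


# Constructed samples: (declared type, body bytes)
SAMPLES = [
    ("text/plain; charset=utf-8", b"meeting notes\n<script>document.title='x'</script>"),
    ("image/gif", b"GIF89a" + b"\x00" * 16 + b"<html><body>caption</body></html>"),
    ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
    ("image/jpeg", b"GIF89a" + b"\x00" * 32),
    ("text/html", b"<!doctype html><html><head></head></html>"),
]

if __name__ == "__main__":
    for declared, body in SAMPLES:
        print(f"{declared:28} -> {classify(declared, body)}")
```
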

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Enable MIME Sniffing

Then set the Enable MIME Sniffing option to Enable.

Impact: If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this
zone; the security zone will run without the added layer of security provided by this
feature. If you disable this policy setting, the actions that may be harmful cannot run; this
Internet Explorer security feature will be turned on in this zone, as dictated by the feature
control setting for the process. If you do not configure this policy setting, the MIME Sniffing
Safety Feature will not apply in this zone.

Default Value: Enabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3

Plugin: Windows

Control ID: 18ce88c6609fe2662dcad2b74d901b2b26707710a738147b911691ce80971cac