7.4 Set 'Consistent Mime Handling' to 'Enabled' - (Reserved)

Information

*Description*

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine
file handling procedures for files that are received through a Web server. The Consistent
MIME Handling setting determines whether Internet Explorer requires that all file type
information that is provided by Web servers be consistent. For example, if the MIME type
of a file is text/plain but the MIME data indicates that the file is really an executable file,
Internet Explorer changes its extension to reflect this executable status. This capability
helps ensure that executable code cannot masquerade as other types of data that may be
trusted. The recommended state for this setting is- Enabled.

*Rationale*

MIME file type spoofing is a potential threat to your organization. You should ensure that
these files are consistent and properly labeled to help prevent malicious file downloads
that may infect your network. Note This policy setting works in conjunction with, but does
not replace, the MIME Sniffing Safety Features settings.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes

Impact-If you enable this policy setting, Internet Explorer examines all received files and enforces
consistent MIME data for them. If you disable or do not configure this policy setting,
Internet Explorer does not require consistent MIME data for all received files and will use
the MIME data that is provided by the file.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(1), CSCv6|3.1

Plugin: Windows

Control ID: 62c5cb676e1527b3cd014924a56efaf548a230857f4280c47959a1a8e773d90b