Free DISA STIG and SRG Library | Vaulted

V-44805

Browser must support auto-updates.

Finding ID
DTBC-0050
Rule ID
SV-57639r3_rule
Severity
Cat II
CCE
(None)
Group Title
DTBC0050 - Auto updates
CCI
CCI-002614
Target Key
(None)
Documentable
No
Discussion

One of the most effective defenses against exploitation of browser vulnerabilities is to ensure the version of the browser is current. Frequent updates provide corrections to discovered vulnerabilities and the timely update reduces the window for zero day attacks. Automatic installation of updates and patches is the most effective method for keeping the browser software current. The browser must have the capability to install software updates and patches automatically.

Fix Text

1. Start regedit 2. Navigate to Key Path: HKLM\Software\Policies\Google\Update Value Name: AutoUpdateCheckPeriodMinutes Value Type: Boolean (REG_DWORD) Value Data: 10080 or less, but not 0.

Check Content

Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Update\ 3. If the AutoUpdateCheckPeriodMinutes value name does not exist or its value is set to 0 or greater than 10080, this is a finding.