STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Internet Explorer 11 Security Technical Implementation Guide

V-223049

CAT II (Medium)

Enabling outdated ActiveX controls for Internet Explorer must be blocked.

Rule ID

SV-223049r960963_rule

STIG

Microsoft Internet Explorer 11 Security Technical Implementation Guide

Version

V2R7

CCIs

CCI-000381

Discussion

This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very important to keep ActiveX controls up to date because malicious or compromised webpages can target security flaws in out-of-date ActiveX controls.

Check Content

In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, verify "Turn off blocking of outdated ActiveX controls for Internet Explorer" is set to “Disabled”. 

Use the Windows Registry Editor to navigate to the following key: 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext 

If the value "VersionCheckEnabled" is REG_DWORD = 1, this is not a finding.

Fix Text

In the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> Add-on Management, set "Turn off blocking of outdated ActiveX controls for Internet Explorer" to "Disabled".