Details
The MK Protocol Security Restriction policy setting reduces attack surface area by
preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable
this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer,
and resources hosted on the MK protocol will fail. If you disable this policy setting,
applications can use the MK protocol API. Resources hosted on the MK protocol will work
for the File Explorer and Internet Explorer processes. If you do not configure this policy
setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources
hosted on the MK protocol will fail. The recommended state for this setting is: Enabled.
Rationale
Because the MK protocol is not widely used, it should be blocked wherever it is not needed.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes
Default Value: Enabled
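One way to audit this setting on a host is to read the policy-backed registry values. This is an added example, not part of the original control text. The key path and value names are assumptions taken from the Internet Explorer administrative template, and `Test-MkProtocolRestriction` is a hypothetical helper name. "NotConfigured" is reported separately from "Disabled" because, as described above, the unconfigured default still blocks the protocol but is not enforced by policy.

```powershell
# Added example: audit the MK Protocol Security Restriction policy values.
# Assumption: key path and value names come from the Internet Explorer ADMX
# template, not from this page.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL'
$ValueNames = '(Reserved)', 'explorer.exe', 'iexplore.exe'

function Test-MkProtocolRestriction {
    param(
        [string]   $Path  = $PolicyKey,
        [string[]] $Names = $ValueNames
    )

    # The key is absent when the policy has never been configured.
    $regKey = $null
    if (Test-Path -LiteralPath $Path) {
        $regKey = Get-Item -LiteralPath $Path
    }

    foreach ($name in $Names) {
        $data = $null
        if ($regKey -and ($regKey.GetValueNames() -contains $name)) {
            $data = $regKey.GetValue($name)
        }

        # The policy writes string data: "1" = Enabled, "0" = Disabled.
        if ($null -eq $data) {
            $state = 'NotConfigured'
        } elseif ("$data" -eq '1') {
            $state = 'Enabled'
        } else {
            $state = 'Disabled'
        }

        [pscustomobject]@{
            Process   = $name
            Data      = $data
            State     = $state
            Compliant = ($state -eq 'Enabled')   # recommended state: Enabled
        }
    }
}

$result = Test-MkProtocolRestriction
$result | Format-Table -AutoSize

# Non-zero exit lets a compliance job flag the host.
if ($result.Compliant -contains $false) { exit 1 }
```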
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.