Title

Do not Remove file extensions blocked as level 1. (Cat II impact)

Discussion

Malicious code is often spread through e-mail. Some viruses have the ability to send copies of themselves to other people in the victim's Address Book or Contacts list, and such potentially harmful files can affect the computers of unwary recipients.

Check Content

The policy value for User Configuration >> Administrative Templates >> Microsoft Office Outlook 2007 >> Security >> Security Form Settings >> Attachment Security “Remove file extensions blocked as Level 1” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ If the registry value “FileExtensionsRemoveLevel1” exists, this is a finding.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office Outlook 2007 >> Security >> Security Form Settings >> Attachment Security “Remove file extensions blocked as Level 1” to “Disabled”.

Additional Identifiers

Rule ID: SV-18985r2_rule

Vulnerability ID: V-17774

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.