Title

RSS feed synchronization with Common Feed List - Outlook. (Cat II impact)

Discussion

The Common Feed list is a hierarchical set of RSS feeds to which clients such as Outlook 2007, the Feeds list in Internet Explorer 7, and the Feed Headlines Sidebar gadget in Windows Vista can subscribe. If Outlook subscribes to a very large feed list, performance and availability can be affected, especially if Outlook is configured to download full RSS message bodies or if the feed list is not AutoArchived regularly. By default, Outlook maintains its own list of feeds and does not automatically subscribe to RSS feeds that are added to the Common Feed List.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> RSS Feeds “Synchronize Outlook RSS Feeds with Common Feed List” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS Criteria: If the value SyncToSysCFL is REG_DWORD = 0, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Tools \ Account Settings -> RSS Feeds “Synchronize Outlook RSS Feeds with Common Feed List” will be set to “Disabled”.

Additional Identifiers

Rule ID: SV-19038r1_rule

Vulnerability ID: V-17806

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.