Title

Disable the ability to displaly level 1 attachments in Outlook. (Cat II impact)

Discussion

To protect users from viruses and other harmful files, Outlook 2007 uses two levels of security, designated Level 1 and Level 2, to restrict access to files attached to e-mail messages or other items. Potentially harmful files can be classified into these two levels by file type extension, with all other file types considered safe. By default, Outlook completely blocks access to Level 1 files, and requires users to save Level 2 files to disk before opening them. If this configuration is changed, users will be able to open and execute potentially dangerous attachments, which can affect their computers or compromise the confidentiality, integrity, or availability of data.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Security Form Settings -> Attachment Security “Display Level 1 attachments” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security Criteria: If the value ShowLevel1Attach is REG_DWORD = 0, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Security Form Settings -> Attachment Security “Display Level 1 attachments” will be set to “Disabled”.

Additional Identifiers

Rule ID: SV-18838r1_rule

Vulnerability ID: V-17671

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.