Check: DTOO243 - Outlook
Microsoft Outlook 2010 STIG:
DTOO243 - Outlook
(in versions v1 r13 through v1 r12)
Title
Level 1 attachment close behaviors must be configured. (Cat II impact)
Discussion
To protect users from viruses and other harmful files, Outlook uses two levels of security, designated Level 1 and Level 2, to restrict users' access to files attached to e-mail messages or other items. Outlook completely blocks access to Level 1 files by default, and requires users to save Level 2 files to disk before opening them. Potentially harmful files can be classified into these two levels by file type extension, with all other file types considered safe. By default, when a user closes an item to which a level 1 file has been attached, Outlook warns the user that the message contains a potentially unsafe attachment and that the user might not be able to access the attachment when opening the item later. (Such a sequence of events might occur when a user closes a draft message that they intend to resume editing at some future time.) If this configuration is changed, Outlook will not display the warning when the user closes the item but will still block the unsafe attachment if the user opens the message later. This functionality can cause users to lose access to important data.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Do not prompt about Level 1 attachments when closing an item” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value DontPromptLevel1AttachClose is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings -> Attachment Security “Do not prompt about Level 1 attachments when closing an item” to “Disabled”.
Additional Identifiers
Rule ID: SV-33581r1_rule
Vulnerability ID: V-17601
Group Title: DTOO243 - Level 1 Attachment prompt
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
Number | Title |
---|---|
SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |