Title

Disabling download full text of articles as HTML must be configured. (Cat II impact)

Discussion

Many RSS feeds use messages that contain a brief summary of a larger message or an article with a link to the full content. Users can configure Outlook to automatically download the linked content as message attachments for individual RSS feeds. If a feed is frequently updated or typically contains very large messages and is not AutoArchived regularly, downloading full articles can cause the affected message store to become very large, which can affect the performance of Outlook. By default, Outlook does not automatically download the full text of RSS entries when retrieving feeds.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Download full text of articles as HTML attachments” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the value EnableFullTextHTML is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds “Download full text of articles as HTML attachments” to “Disabled”.

Additional Identifiers

Rule ID: SV-33500r1_rule

Vulnerability ID: V-17610

Group Title: DTOO283 - Dwnld articles as HTML attachments

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.