Title

RSS feed synchronization with Common Feed List must be disallowed. (Cat II impact)

Discussion

The Common Feed list is a hierarchical set of RSS feeds to which clients such as Outlook 2010, the Feeds list in Internet Explorer, and the Feed Headlines Sidebar gadget in Windows Vista can subscribe. If Outlook subscribes to a very large feed list, performance and availability can be affected, especially if Outlook is configured to download full RSS message bodies or if the feed list is not AutoArchived regularly. By default, Outlook maintains its own list of feeds and does not automatically subscribe to RSS feeds that are added to the Common Feed List.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds "Synchronize Outlook RSS Feeds with Common Feed List" must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\rss Criteria: If the value SyncToSysCFL is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Account Settings -> RSS Feeds "Synchronize Outlook RSS Feeds with Common Feed List" to "Disabled".

Additional Identifiers

Rule ID: SV-242093r960963_rule

Vulnerability ID: V-242093

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.