Title

The prompt to display level 1 attachments must be disallowed when sending an item. (Cat II impact)

Discussion

To protect users from viruses and other harmful files, Outlook 2013 uses two levels of security, designated Level 1 and Level 2, to restrict access to files attached to e-mail messages or other items. Outlook completely blocks access to Level 1 files by default, and requires users to save Level 2 files to disk before opening them. Potentially harmful files can be classified into these two levels by file type extension, with all other file types considered safe. By default, when users attempt to send an item to which a level 1 file has been attached, Outlook warns them that the message contains a potentially unsafe attachment and that the recipient might not be able to access it. If this configuration is changed, Outlook will not display the warning when users send such items, which can cause users to lose access to important data.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Attachment Security "Do not prompt about Level 1 attachments when sending an item" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security Criteria: If the value DontPromptLevel1AttachSend is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Attachment Security "Do not prompt about Level 1 attachments when sending an item" to "Disabled".

Additional Identifiers

Rule ID: SV-53957r2_rule

Vulnerability ID: V-17602

Group Title: DTOO242 - Level 1 Attachment Prompt on sending.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.