Title

Permit download of content from safe zones must be configured. (Cat II impact)

Discussion

By default, Outlook automatically downloads content from sites that are considered "safe," as defined in the Security tab of the Internet Options dialog box in Internet Explorer. This configuration could allow users to inadvertently download Web beacons that reveal their identity to spammers and other malicious people.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Automatic Picture Download Settings "Do not permit download of content from safe zones" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\options\mail Criteria: If the value UnblockSafeZone is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Automatic Picture Download Settings "Do not permit download of content from safe zones" to "Disabled".

Additional Identifiers

Rule ID: SV-54046r1_rule

Vulnerability ID: V-17470

Group Title: DTOO272 - Content download from safe zones

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.