Title

Level 1 file extensions must be blocked and not removed. (Cat II impact)

Discussion

Malicious code is often spread through e-mail. Some viruses have the ability to send copies of themselves to other people in the victim's Address Book or Contacts list, and such potentially harmful files can affect the computers of unwary recipients.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2013 >> Security >> Security Form Settings >> Attachment Security "Remove file extensions blocked as Level 1" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security Criteria: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security\ Criteria: If the registry value "FileExtensionsRemoveLevel1" exists, this is a finding.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2013 >> Security >> Security Form Settings >> Attachment Security "Remove file extensions blocked as Level 1" to "Disabled".

Additional Identifiers

Rule ID: SV-242700r961086_rule

Vulnerability ID: V-242700

Group Title: SRG-APP-000207

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.