Title

Outlook Rich Text options must be set for converting to plain text format. (Cat II impact)

Discussion

Outlook automatically converts Rich Text Format (RTF) messages that are sent over the internet to HTML format, so that the message formatting is maintained and attachments are received. This setting controls how Outlook sends RTF messages to internet recipients.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Mail Format >> Internet Formatting "Outlook Rich Text options" is "Enabled: Convert to Plain Text format". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\options\mail Criteria: If the value Message RTF Format is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Mail Format >> Internet Formatting "Outlook Rich Text options" to "Enabled: Convert to Plain Text format".

Additional Identifiers

Rule ID: SV-251867r812967_rule

Vulnerability ID: V-251867

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.