Title

Automatic download content for email in Safe Senders list must be disallowed. (Cat II impact)

Discussion

This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Senders List or Safe Recipients List. If you enable this policy setting, Outlook automatically downloads content for e-mail from people in Safe Senders and Safe Recipients lists. If you disable this policy setting, Outlook will not automatically download content from external servers for messages sent by people listed in users' Safe Senders Lists or Safe Recipients Lists. Recipients can choose to download external content on a message-by-message basis. If you do not configure this policy setting, downloads are permitted when users receive e-mail from people listed in the user's Safe Senders List or Safe Recipients List.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Automatic Picture Download Settings "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\options\mail Criteria: If the value UnblockSpecificSenders is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Automatic Picture Download Settings "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" to "Disabled".

Additional Identifiers

Rule ID: SV-228459r508021_rule

Vulnerability ID: V-228459

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.