Title

Mechanisms for removing zone information from file attachments must be hidden. (Cat II impact)

Discussion

Preserving zone of origin (internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. This setting prevents users from manually removing zone information from saved file attachments.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_CURRENT_USER Registry Path: \Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ Value Name: HideZoneInfoOnProperties Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager -> "Hide mechanisms to remove zone information" to "Enabled".

Additional Identifiers

Rule ID: SV-226366r794686_rule

Vulnerability ID: V-226366

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.