UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Attachments using generated name for secure temporary folders - Outlook.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17733 DTOO269 - Outlook SV-18910r1_rule ECSC-1 Medium
Description
The Secure Temporary Files folder is used to store attachments when they are opened in e-mail. By default, Outlook 2007 generates a random name for the Secure Temporary Files folder and saves it in the Temporary Internet Files folder. You can use this setting to designate a specific path and folder to use as the Secure Temporary Files folder. This configuration is not recommended, because it means that all users will have temporary Outlook files in the same predictable location, which is not as secure. If the name of this folder is well known, a malicious user or malicious code might target this location to try and gain access to attachments.
STIG Date
Microsoft Outlook 2007 2014-04-03

Details

Check Text ( C-18999r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography -> Signature Status dialog box “Attachment Secure Temporary Folder” will be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\OutlookSecureTempFolder

If the registry key exists, this is a finding.
Fix Text (F-17633r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Cryptography -> Signature Status dialog box “Attachment Secure Temporary Folder” will be set to “Disabled”.