Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17774 | DTOO244 | SV-55898r1_rule | ECSC-1 | Medium |
Description |
---|
Malicious code is often spread through e-mail. Some viruses have the ability to send copies of themselves to other people in the victim's Address Book or Contacts list, and such potentially harmful files can affect the computers of unwary recipients. |
STIG | Date |
---|---|
Microsoft Outlook 2013 STIG | 2014-01-06 |
Check Text ( C-47962r3_chk ) |
---|
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Attachment Security "Remove file extensions blocked as Level 1" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security\FileExtensionsRemoveLevel1 Criteria: If the registry key exists, this is a finding. |
Fix Text (F-46876r2_fix) |
---|
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Attachment Security "Remove file extensions blocked as Level 1" to "Disabled". |