Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The use of the weather bar in Outlook must be disabled
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-41492 | DTOO424 | SV-54068r1_rule | Medium |
| Description |
|---|
| The Weather Bar in Outlook displays weather conditions and forecast for a geographic location. By default, Outlook uses weather data provided by MSN Weather. The Weather Bar supports third-party weather data web services that follow a defined protocol to communicate with Outlook. As long as a third-party weather data service supports this protocol, users can choose that weather data service to provide weather data in the Weather Bar. Since the Weather Bar communicates to external, commercial weather sites, enabling it introduces the possibility of connections to malicious sites that could download malware into the environment. |
| STIG | Date |
|---|---|
| Microsoft Outlook 2013 STIG | 2014-01-06 |
Details
| Check Text ( C-48008r1_chk ) |
|---|
| Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Calendar Options -> "Disable Weather Bar" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\outlook\options\calendar Criteria: If the value disableweather is REG_DWORD = 1, this is not a finding. |
| Fix Text (F-46948r1_fix) |
|---|
| Set the policy User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Calendar Options -> "Disable Weather Bar" to "Enabled". |