Level 1 file extensions must be blocked and not removed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17774	DTOO244	SV-55898r2_rule		Medium

Description
Malicious code is often spread through e-mail. Some viruses have the ability to send copies of themselves to other people in the victim's Address Book or Contacts list, and such potentially harmful files can affect the computers of unwary recipients.

STIG	Date
Microsoft Outlook 2013 STIG	2018-09-05

Details

Check Text ( C-47962r4_chk )
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2013 >> Security >> Security Form Settings >> Attachment Security "Remove file extensions blocked as Level 1" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security Criteria: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security\ Criteria: If the registry value “FileExtensionsRemoveLevel1” exists, this is a finding.

Check Text ( C-47962r4_chk )

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2013 >> Security >> Security Form Settings >> Attachment Security "Remove file extensions blocked as Level 1" is set to "Disabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security

Criteria: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\security\

Criteria: If the registry value “FileExtensionsRemoveLevel1” exists, this is a finding.

Fix Text (F-46876r3_fix)
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2013 >> Security >> Security Form Settings >> Attachment Security "Remove file extensions blocked as Level 1" to "Disabled".