The use of the weather bar in Outlook must be disabled

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-41492	DTOO424	SV-54068r1_rule		Medium

Description
The Weather Bar in Outlook displays weather conditions and forecast for a geographic location. By default, Outlook uses weather data provided by MSN Weather. The Weather Bar supports third-party weather data web services that follow a defined protocol to communicate with Outlook. As long as a third-party weather data service supports this protocol, users can choose that weather data service to provide weather data in the Weather Bar. Since the Weather Bar communicates to external, commercial weather sites, enabling it introduces the possibility of connections to malicious sites that could download malware into the environment.

Description

The Weather Bar in Outlook displays weather conditions and forecast for a geographic location. By default, Outlook uses weather data provided by MSN Weather. The Weather Bar supports third-party weather data web services that follow a defined protocol to communicate with Outlook. As long as a third-party weather data service supports this protocol, users can choose that weather data service to provide weather data in the Weather Bar. Since the Weather Bar communicates to external, commercial weather sites, enabling it introduces the possibility of connections to malicious sites that could download malware into the environment.

STIG	Date
Microsoft Outlook 2013 STIG	2018-09-05

Details

Check Text ( C-48008r1_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Calendar Options -> "Disable Weather Bar" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\outlook\options\calendar Criteria: If the value disableweather is REG_DWORD = 1, this is not a finding.

Check Text ( C-48008r1_chk )

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Calendar Options -> "Disable Weather Bar" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\Microsoft\office\15.0\outlook\options\calendar

Criteria: If the value disableweather is REG_DWORD = 1, this is not a finding.

Fix Text (F-46948r1_fix)
Set the policy User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Calendar Options -> "Disable Weather Bar" to "Enabled".