Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-225069 | WN16-UC-000030 | SV-225069r569186_rule | Medium |
Description |
---|
Attachments from outside sources may contain malicious code. Preserving zone of origin (Internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. |
STIG | Date |
---|---|
Microsoft Windows Server 2016 Security Technical Implementation Guide | 2023-08-22 |
Check Text ( C-26760r466109_chk ) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If the registry Value Name below does not exist, this is not a finding. If it exists and is configured with a value of "2", this is not a finding. If it exists and is configured with a value of "1", this is a finding. Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\ Value Name: SaveZoneInformation Value Type: REG_DWORD Value: 0x00000002 (2) (or if the Value Name does not exist) |
Fix Text (F-26748r466110_fix) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If this needs to be corrected, configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> "Do not preserve zone information in file attachments" to "Not Configured" or "Disabled". |