Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-205924 | WN19-UC-000010 | SV-205924r569188_rule | Medium |
Description |
---|
Attachments from outside sources may contain malicious code. Preserving zone of origin (Internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. |
STIG | Date |
---|---|
Microsoft Windows Server 2019 Security Technical Implementation Guide | 2020-10-26 |
Check Text ( C-6189r356134_chk ) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If the registry Value Name below does not exist, this is not a finding. If it exists and is configured with a value of "2", this is not a finding. If it exists and is configured with a value of "1", this is a finding. Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\ Value Name: SaveZoneInformation Value Type: REG_DWORD Value: 0x00000002 (2) (or if the Value Name does not exist) |
Fix Text (F-6189r356135_fix) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If this needs to be corrected, configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> "Do not preserve zone information in file attachments" to "Not Configured" or "Disabled". |