Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-254490 | WN22-UC-000010 | SV-254490r849286_rule | Medium |
Description |
---|
Attachments from outside sources may contain malicious code. Preserving zone of origin (internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. |
STIG | Date |
---|---|
Microsoft Windows Server 2022 Security Technical Implementation Guide | 2023-09-11 |
Check Text ( C-57975r849284_chk ) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If the registry Value Name below does not exist, this is not a finding. If it exists and is configured with a value of "2", this is not a finding. If it exists and is configured with a value of "1", this is a finding. Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\ Value Name: SaveZoneInformation Value Type: REG_DWORD Value: 0x00000002 (2) (or if the Value Name does not exist) |
Fix Text (F-57926r849285_fix) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If this needs to be corrected, configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> Do not preserve zone information in file attachments to "Not Configured" or "Disabled". |