Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-93311 | WN19-UC-000010 | SV-103399r1_rule | Medium |
Description |
---|
Attachments from outside sources may contain malicious code. Preserving zone of origin (Internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. |
STIG | Date |
---|---|
Windows Server 2019 Security Technical Implementation Guide | 2020-06-15 |
Check Text ( C-92629r1_chk ) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If the registry Value Name below does not exist, this is not a finding. If it exists and is configured with a value of "2", this is not a finding. If it exists and is configured with a value of "1", this is a finding. Registry Hive: HKEY_CURRENT_USER Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\ Value Name: SaveZoneInformation Value Type: REG_DWORD Value: 0x00000002 (2) (or if the Value Name does not exist) |
Fix Text (F-99557r1_fix) |
---|
The default behavior is for Windows to mark file attachments with their zone information. If this needs to be corrected, configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> "Do not preserve zone information in file attachments" to "Not Configured" or "Disabled". |