[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-37424-9

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-04



Do not preserve zone information in file attachments This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook? Express with information about their zone of origin (such as restricted, Internet, intranet, or local). This policy setting requires that files be downloaded to NTFS disk partitions to function correctly. If zone information is not preserved, Windows cannot make proper risk assessments based on the zone where the attachment came from. If the Do not preserve zone information in file attachments setting is enabled, file attachments are not marked with their zone information. If this policy setting is disabled, Windows is forced to store file attachments with their zone information. Because dangerous attachments are often downloaded from untrusted Internet Explorer zones such as the Internet zone, Microsoft recommends that you configure this policy setting to Disabled to help ensure that as much security information as possible is preserved with each file.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: User ConfigurationAdministrative TemplatesWindows ComponentsAttachment Manager!Do not preserve zone information in file attachments (2) REG: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments!SaveZoneInformation

CCSS Severity:CCSS Metrics:
CCSS Score : 7.3Attack Vector: LOCAL
Exploit Score: 1.3Attack Complexity: LOW
Impact Score: 5.9Privileges Required: LOW
Severity: HIGHUser Interaction: REQUIRED
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:28000


OVAL    1
oval:org.secpod.oval:def:28000
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_2012_R2

© SecPod Technologies