Detections
Analytics

1.253 WN22-UC-000010

Information

Windows Server 2022 must preserve zone information when saving attachments.

GROUP ID: V-254490
RULE ID: SV-254490r991589

Attachments from outside sources may contain malicious code. Preserving zone of origin (internet, intranet, local, restricted) information on file attachments allows Windows to determine risk.

Solution

The default behavior is for Windows to mark file attachments with their zone information.

If this needs to be corrected, configure the policy value for

User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> Do not preserve zone information in file attachments to 'Not Configured' or 'Disabled'

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-254490r991589_rule, STIG-ID|WN22-UC-000010, Vuln-ID|V-254490

Plugin: Windows

Control ID: 428f07429b084b3172a11db75dffbeaf85f15d6ce5b550eb8ffb42cca55dd5c2