DTOO228 - Outlook - Plain Text Options for outbound email must be configured - Message Plain Format Mime

Information

If outgoing mail is formatted in certain ways, for example if attachments are encoded in UUENCODE format, attackers might manipulate the messages for their own purposes. If UUENCODE formatting is used, an attacker could manipulate the encoded attachment to bypass content filtering software.
Outlook 2010 automatically wraps plain text messages and uses the standard MIME format to encode attachments in plain text messages. However, these settings can be altered to allow e-mail to be read in plain text e-mail programs that use a non-standard line length or that cannot process MIME attachments.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail format -> Internet Formatting 'Plain text -> options' to 'Enabled' where line length is '132' and that NO Check is visible in the 'Encode all attachments in UUENCODE format when sending a plain text message' checkbox option.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2010_V1R13_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CAT|II, CCI|CCI-002418, Rule-ID|SV-33505r2_rule, STIG-ID|DTOO228, Vuln-ID|V-17761

Plugin: Windows

Control ID: bb8bec1d69e320ab416dc9e05d065093027d952130a17fe0f4d4893de151d0fe