Attachments using generated name for secure temporary folders must be configured.

From Microsoft Outlook 2013 STIG

Part of DTOO269 - Attachments to Secure Temporary Folder

SV-54038r1_rule Attachments using generated name for secure temporary folders must be configured.

Vulnerability discussion

The Secure Temporary Files folder is used to store attachments when they are opened in email. By default, Outlook generates a random name for the Secure Temporary Files folder and saves it in the Temporary Internet Files folder. This setting can be used to designate a specific path and folder to use as the Secure Temporary Files folder. This configuration is not recommended, because it means that all users will have temporary Outlook files in the same predictable location, which is not as secure. If the name of this folder is well known, a malicious user or malicious code might target this location to try and gain access to attachments.

Check content

Fix text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Cryptography -> Signature Status dialog box "Attachment Secure Temporary Folder" to "Disabled".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer