From Microsoft Outlook 2013 STIG
Part of DTOO228 - Plain Text Options
Associated with: CCI-002418
If outgoing mail is formatted in certain ways, for example, if attachments are encoded in UUENCODE format, attackers might manipulate the messages for their own purposes. If UUENCODE formatting is used, an attacker could manipulate the encoded attachment to bypass content filtering software.
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Mail format -> Internet Formatting "Plain text options" is set to "Enabled" where line length is "132" and that a check does not exist in the "Encode all attachments in UUENCODE format when sending a plain text message" check box option. Procedure: Use the Windows Registry Editor to navigate to the following key: Criteria: If the value for HKCU\Software\Policies\Microsoft\Office\15.0\common\mailsettings\PlainWrapLen is REG_DWORD = 132 (decimal) and the value for HKCU\Software\Policies\Microsoft\Office\15.0\outlook\options\mail\Message Plain Format Mime is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Mail format -> Internet Formatting "Plain text -> options" to "Enabled" where line length is "132" and that NO Check is visible in the "Encode all attachments in UUENCODE format when sending a plain text message" check box option.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer