From Microsoft Outlook 2010 STIG
Part of DTOO228 - Plain Text Options
Associated with: CCI-002418
If outgoing mail is formatted in certain ways, for example if attachments are encoded in UUENCODE format, attackers might manipulate the messages for their own purposes. If UUENCODE formatting is used, an attacker could manipulate the encoded attachment to bypass content filtering software.
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail format -> Internet Formatting "Plain text options" must be set to "Enabled" where line length is "132" and that NO Check is visible in the "Encode all attachments in UUENCODE format when sending a plain text message" checkbox option. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\mailsettings Criteria: If the value PlainWrapLen is REG_DWORD = 132 (decimal), this is not a finding. AND HKCU\Software\Policies\Microsoft\Office\14.0\outlook\options\mail Criteria: If the value Message Plain Format Mime is REG_DWORD = 1, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Outlook Options -> Mail format -> Internet Formatting "Plain text -> options" to "Enabled" where line length is "132" and that NO Check is visible in the "Encode all attachments in UUENCODE format when sending a plain text message" checkbox option.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer