Microsoft Windows Server 2016
Attachments must be prevented from being downloaded from RSS feeds
STIG ID:
WN16-CC-000420
|
SRG:
SRG-OS-000480-GPOS-00227
|
Severity:
Medium
|
CCI:
CCI-000366
|
Vulnerability ID:
V-224949
Description
Attachments from RSS feeds may not be secure. This setting will prevent attachments from being downloaded from RSS feeds.
Check
If the following registry value does not exist or is not configured as specified, this is a finding.Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\Value Name: DisableEnclosureDownloadType: REG_DWORDValue: 0x00000001 (1)
Fix
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> RSS Feeds >> "Prevent downloading of enclosures" to "Enabled".