Windows Server 2022 must preserve zone information when saving attachments.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-254490 | WN22-UC-000010 | SV-254490r991589_rule | CCI-000366 | medium |
| Description | ||||
| Attachments from outside sources may contain malicious code. Preserving zone of origin (internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. | ||||
| STIG | Date | |||
| Microsoft Windows Server 2022 Security Technical Implementation Guide | 2025-05-15 | |||
Details
Check Text (C-254490r991589_chk)
The default behavior is for Windows to mark file attachments with their zone information.
If the registry Value Name below does not exist, this is not a finding.
If it exists and is configured with a value of "2", this is not a finding.
If it exists and is configured with a value of "1", this is a finding.
Registry Hive: HKEY_CURRENT_USER
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\
Value Name: SaveZoneInformation
Value Type: REG_DWORD
Value: 0x00000002 (2) (or if the Value Name does not exist)
Fix Text (F-57926r849285_fix)
The default behavior is for Windows to mark file attachments with their zone information.
If this needs to be corrected, configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> Do not preserve zone information in file attachments to "Not Configured" or "Disabled".