Windows Server 2019 must preserve zone information when saving attachments.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-205924 | WN19-UC-000010 | SV-205924r991589_rule | CCI-000366 | medium |
| Description | ||||
| Attachments from outside sources may contain malicious code. Preserving zone of origin (Internet, intranet, local, restricted) information on file attachments allows Windows to determine risk. | ||||
| STIG | Date | |||
| Microsoft Windows Server 2019 Security Technical Implementation Guide | 2025-05-23 | |||
Details
Check Text (C-205924r991589_chk)
The default behavior is for Windows to mark file attachments with their zone information.
If the registry Value Name below does not exist, this is not a finding.
If it exists and is configured with a value of "2", this is not a finding.
If it exists and is configured with a value of "1", this is a finding.
Registry Hive: HKEY_CURRENT_USER
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\
Value Name: SaveZoneInformation
Value Type: REG_DWORD
Value: 0x00000002 (2) (or if the Value Name does not exist)
Fix Text (F-6189r356135_fix)
The default behavior is for Windows to mark file attachments with their zone information.
If this needs to be corrected, configure the policy value for User Configuration >> Administrative Templates >> Windows Components >> Attachment Manager >> "Do not preserve zone information in file attachments" to "Not Configured" or "Disabled".