V-223350
SV-223350r961863_rule
CAT II
Files dragged from an Outlook e-mail to the file system must be created in ANSI format.
From: Microsoft Office 365 ProPlus Security Technical Implementation Guide (V3R5)
Description
<VulnDiscussion>This policy setting controls whether e-mail messages dragged from Outlook to the file system are saved in Unicode or ANSI format.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Other >> Advanced >> Use Unicode format when dragging e-mail message to file system is set to "Disabled".
Use the Windows Registry to navigate to the following key:
HKCU\software\policies\microsoft\office\16.0\outlook\options\general
If the value for msgformat is set to REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Other >> Advanced >> Use Unicode format when dragging e-mail message to file system to "Disabled".
CCI Reference
CCI-000366- Created
- 2026-01-14 17:55:45
- Last Updated
- 2026-04-07 20:09:05