Details

Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Certainly file types such as .bin, .exe, .bat, and so on will be recognized as threats.

This feature prevents users from opening or launching file types other than PDF or FDF and disables the menu option.

Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210

Solution

Configure the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SoftwarePoliciesAdobeAcrobat Reader2015FeatureLockDown

Value Name: iFileAttachmentPerms
Type: REG_DWORD
Value: 1

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Reader_DC_Classic_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(1)
• 800-53|SC-18(3)
• 800-53|SC-18(4)
• CAT|II
• CCI|CCI-001166
• CCI|CCI-001169
• CCI|CCI-001170
• CCI|CCI-001662
• CCI|CCI-001695
• Rule-ID|SV-213147r557349_rule
• STIG-ID|ARDC-CL-000035
• STIG-Legacy|SV-80261
• STIG-Legacy|V-65771
• Vuln-ID|V-213147

Source

• Tenable.com/audits