Details
Outlook is made the default program for email, contacts, and calendar services when it is installed, although users can designate other programs as the default programs for these services. If another application is used to provide these services and the organization does not ensure the security of that application, it could be exploited to gain access to sensitive information or launch other malicious attacks.
When an organization has policies that govern the use of personal information management software, allowing users to change the default configuration could enable them to violate such policies.
Solution
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Other ‘Make Outlook the default program for E-mail, Contacts, and Calendar’ to ‘Enabled’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.
References
- 800-53|CM-6b.
- CAT|II
- CCI|CCI-000366
- Rule-ID|SV-53891r1_rule
- STIG-ID|DTOO229
- Vuln-ID|V-17753