Details
This policy setting controls whether e-mail messages dragged from Outlook to the file
system are saved in Unicode or ANSI format. If you enable this policy setting, when users
drag an e-mail message from Outlook to the file system, Outlook uses the Unicode character
encoding standard to create the message file, which preserves special characters in the
message. If you disable or do not configure this policy setting, when users drag an e-mail
message from Outlook to the file system, the message file created is in ANSI format. The
recommended state for this setting is- Disabled.
*Rationale*
By default, when users drag e-mail messages from Outlook 2010 to a Windows Explorer
window or to their Desktop, Outlook creates a .msg file using the native character encoding
format for the configured locale (the so-called ‘ANSI’ format). If this setting is Enabled,
Outlook uses the Unicode character encoding standard to create the message file, which
preserves special characters in the message. However, Unicode text is vulnerable to
homograph attacks, in which characters are replaced by different but similar-looking
characters. For example, the Cyrillic letter ? (U+0430) appears identical to the Latin letter a
(U+0061) in many typefaces, but is actually a different character. Homographs can be used
in ‘phishing’ attacks to convince victims to visit fraudulent Web sites and enter sensitive
information.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Disabled.
User ConfigurationAdministrative TemplatesMicrosoft Outlook 2010Outlook
OptionsOtherAdvancedUse Unicode format when dragging e-mail message to file system
Impact-Disabling this setting enforces the default configuration in Outlook 2010, and is therefore
unlikely to cause significant usability issues for most users.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.