Are you considering this? Is it necessary in the current climate?

  • Yes

    Votes: 6 100.0%
  • No

    Votes: 0 0.0%
  • Disable Attachment Preview

    Votes: 4 66.7%
  • Disable Reading Pane

    Votes: 0 0.0%
  • It's a significant inconvenience

    Votes: 2 33.3%
  • Total voters
    6
  • Poll closed .

soccer97

Level 11
Securing Microsoft Outlook on the Windows PC (may also be applicable for Mac users).

I am unaware of any currant threats against Outlook Desktop Client, however: With all of the current threats, especially spam, Ransomware, malicious documents, .zip attachments, and even iframes and JavaScript propagating Ransomware and Malware, have you considered disabling both the Attachment Preview and/ or the Reading Pane (The part generally on the right side where you can view the message without double-clicking the message to open. That way, if you are unsure of the sender, you can move it to Junk before opening. I have done out of caution.

There have been 0-days before and they are likely to be a problem in the future as both Internet Explorer, Office and I believe Windows all have OLE integrated in them. It's also wise, as when you Open Outlook and it downloads messages, what happens if the last message it downloads is malicious and you have both the Attachment Preview and Reading Pane enabled? The email will displayed, possibly the attachment previewed (within a sandbox of some sorts such as IE). There is a potential for exploitation.

The links below offer instructions if you choose to take this precaution.


Previewing Attachments - Microsoft Office Support

Reading Pane On/Off - Microsoft Office Support

For users of Outlook Web App (Browser version)

Previous Patched Vulnerability -RCE:
Outlook “letterbomb” exploit could auto-open attacks in e-mail
(From 12/2015)

Other Sources:
View and edit an attachment in Outlook Web App - Outlook

Turn the Reading Pane on and off - Outlook

Preview attachments - Outlook
 

_CyberGhosT_

Level 53
Verified
Trusted
Content Creator
Agreed,
Besides disabling most scripts from running on my system I also disable "Attachment Preview"
It does pose a relevant security risk in todays environment.
My vote was "Yes" & Disable Attachment Preview
PeAcE
 
Top