Microsoft Outlook 2007 Security Technical Implementation Guide

Details

Version / Release: V4R16

Published: 2017-10-03

Updated At: 2018-10-12 01:23:29

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-18181r2_rule DTOO104 - Outlook MEDIUM Disable user name and password syntax from being used in URLs The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:[email protected] A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate Web s
    SV-18188r2_rule DTOO111 - Outlook MEDIUM Enable IE Bind to Object functionality for instances of IE launched from Outlook Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the security settings for the zone in which the control is located
    SV-18203r2_rule DTOO117 - Outlook MEDIUM Evaluate Saved from URL mark when launched from OutLook Typically, when Internet Explorer loads a Web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet security zone instead of the
    SV-18602r2_rule DTOO123 - Outlook MEDIUM Block navigation to URL embedded in Office products to protect against attack by malformed URL. To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link
    SV-18213r2_rule DTOO129 - Outlook MEDIUM Block pop-ups for links that invoke instances of IE from within Outlook. The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for exa
    SV-35249r4_rule DTOO272 - Outlook MEDIUM Do not permit download of content from safe zones - Outlook By default, Outlook 2007 automatically downloads content from sites that are considered "safe," as defined in the Security tab of the Internet Options dialog box in Internet Explorer. This configuration could allow users to inadvertently download Web beac
    SV-18641r1_rule DTOO219 - Outlook MEDIUM Access restriction settings for published calendars in Outlook. By default, users can share their calendars with others by publishing them to the Microsoft Office Online Calendar Sharing Services and to a server that supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. Office Online allo
    SV-18655r1_rule DTOO224 - Outlook MEDIUM Disable the feature of adding recipients of sent eMail to the 'save sender's list. Sometimes users will send e-mail messages to request that they be taken off a mailing list. If the e-mail recipient is then automatically added to the Safe Senders List, future e mail messages from that address will no longer be sent to the users Junk E-m
    SV-18657r2_rule DTOO234 - Outlook MEDIUM Do not allow Active X One-Off forms to be used in Outlook. By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipient and Body controls) are allowed in one-off forms, or so
    SV-18663r1_rule DTOO246 - Outlook MEDIUM Do not allow Scripts in One-Off Outlook forms. Malicious code can be included within Outlook forms, and such code could be executed when users open the form. By default, Outlook 2007 does not run scripts in forms in which the script and the layout are contained within the message. System Administrator
    SV-18667r1_rule DTOO273 - Outllook MEDIUM Block IE Trusted Zones from being assumed 'trusted' for EMail Download purposes. Malicious users can send HTML e-mail messages with embedded Web beacons, which are pictures and other content from external servers that can be used to track whether specific recipients open the message. Viewing an e-mail message that contains a Web beaco
    SV-18671r1_rule DTOO236 - Outlook MEDIUM All installed trusted COM addins can be trusted. All installed trusted COM addins can be trusted. Because the add-ins are controlled and known by the admins, they should always be presumed trusted. Exchange Settings for the addins still override if present and this option is selected.System Administrat
    SV-18673r1_rule DTOO255 - Outlook MEDIUM Set the Object Model Prompt behavior for programmatic access of the UserProperties.Find Method If an untrusted application accesses address information, the application could gain access to sensitive data and potentially change that data. By default, when an untrusted application attempts to access address information using the UserProperties.Find
    SV-18675r1_rule DTOO250 - Outlook MEDIUM Configure Outlook Object Model Prompt behavior for programmatic address book accesses. If an untrusted application accesses the address book, the application could gain access to sensitive data and potentially change that data. By default, when an untrusted application attempts to access the address book programmatically, Outlook 2007 relie
    SV-18677r1_rule DTOO241 - Outlook MEDIUM Allow Users to demote an EMail Level 1 attachment to Level 2. Outlook 2007 uses two levels of security to restrict access to files attached to e-mail messages or other items. Files with specific extensions can be categorized as Level 1 (users cannot view the file) or Level 2 (users can open the file after saving it
    SV-18679r1_rule DTOO254 - Outlook MEDIUM Configure Object Model Prompt behavior for accessing User Property Formula. A custom form in Outlook could be used to gain access to sensitive address book data and potentially to change that data. By default, when a user tries to bind an address information field to a combination or formula custom field in a custom form, Outlook
    SV-18681r1_rule DTOO253 - Outlook MEDIUM Configure Object Model Prompt behavior for the SaveAs method. If an untrusted application uses the Save As command to programmatically save an item, the application could add malicious data to a user's inbox, a public folder, or an address book. By default, when an untrusted application attempts to use the Save As c
    SV-18683r1_rule DTOO251 - Outlook MEDIUM Configure Object Model Prompt behavior for programmatic access of user address data. If an untrusted application accesses the recipient fields, the application could gain access to sensitive data and potentially change that data. This could result in mail being sent to the wrong party. By default, when an untrusted application attempts to
    SV-18685r1_rule DTOO252 - Outlook MEDIUM Configure Object Model Prompt behavior for Meeting and Task Responses. If an untrusted application programmatically responds to tasks or meeting requests, that application could impersonate a user response to the tasks or meeting requests with false information. By default, when an untrusted application attempts to respond t
    SV-18687r1_rule DTOO249 - Outlook MEDIUM Configure Object Model Prompt for programmatic email send behavior. If an untrusted application programmatically sends e-mail, that application could send mail that includes malicious code, impersonate a user, or launch a denial-of-service attack by sending a large volume of mail to a user or group of users. By default, w
    SV-18689r1_rule DTOO256 - Outlook MEDIUM Configure trusted add-ins behavior for eMail. The Outlook object model includes entry points to access Outlook data, save data to specified locations, and send e-mail messages, all of which can be used by malicious application developers. To help protect these entry points, the Object Model Guard war
    SV-18708r1_rule DTOO226 - Outlook MEDIUM Configure Dial-up and Hang up Options for Outlook. By default, users can connect to their e-mail servers using dial-up networking if their accounts are configured appropriately. Dial-up connections are often used by mobile users who need to connect to the Internet from remote locations. Remote connections
    SV-18710r1_rule DTOO225 - Outlook MEDIUM Configure Outlook Dial-up options to Warn user before allowing switch in dial-up access. By default, users can connect to their e-mail servers using dial-up networking if their accounts are configured appropriately. Dial-up connections are often used by mobile users who need to connect to the Internet from remote locations. Remote connections
    SV-18712r1_rule DTOO237 - Outlook MEDIUM Disable the "remember password" for internet e-mail accounts - Outlook. As a security precaution, password caching for eMail Internet protocols such as POP3 or IMAP may lead to password discovery and evantually to data loss. System AdministratorInformation Assurance Officer
    SV-18729r1_rule DTOO243 - Outlook MEDIUM Prompting behavior when closing a Level 1 attachment in Outlook. To protect users from viruses and other harmful files, Outlook 2007 uses two levels of security, designated Level 1 and Level 2, to restrict users' access to files attached to e-mail messages or other items. Outlook completely blocks access to Level 1 fil
    SV-18731r1_rule DTOO242 - Outlook MEDIUM Promping behavior for Level 1 attachments on Sending - Outlook. To protect users from viruses and other harmful files, Outlook 2007 uses two levels of security, designated Level 1 and Level 2, to restrict access to files attached to e-mail messages or other items. Outlook completely blocks access to Level 1 files by d
    SV-18735r1_rule DTOO261 - Outlook MEDIUM Do not provide Continue Option on Encryption Warning dialog box - Outlook. By default, if Outlook 2007 users see an encryption-related dialog box when attempting to send a message, they can choose to dismiss the warning and send the message anyway. If users send messages after seeing an encryption error, it is likely that recipi
    SV-18743r1_rule DTOO283 - Outlook MEDIUM Disable download full text of articles as HTML attachments in Outlook. Many RSS feeds use messages that contain a brief summary of a larger message or an article with a link to the full content. Users can configure Outlook 2007 to automatically download the linked content as message attachments for individual RSS feeds. If a
    SV-18749r1_rule DTOO277 - Outlook MEDIUM Enable links in Email Messages - Outlook. Outlook 2007's Junk E-mail Filter evaluates each incoming message for possible spam or phishing content. Suspicious message detection is always turned on. By default, Outlook handles suspicious messages in two ways: • If the Junk E-mail Filter does not
    SV-18752r1_rule DTOO279 - Outlook MEDIUM Enable RPC encryption between Outook and Exchange server. By default, the remote procedure call (RPC) communication channel between an Outlook 2007 client computer and an Exchange server is not encrypted. If a malicious person is able to eavesdrop on the network traffic between Outlook and the server, they might
    SV-18766r1_rule DTOO221 - Outlook MEDIUM Hide Junk Mail UI configuration for Outlook. The Junk E-mail Filter in Outlook 2007 is designed to intercept the most obvious junk e-mail, or spam, and send it to users' Junk E-mail folders. The filter evaluates each incoming message based on several factors, including the time when the message was
    SV-18775r4_rule DTOO274 - Outlook MEDIUM Include the Internet with Safe Zones for Picture Download - Outlook Malicious e-mail senders can send HTML e-mail messages with embedded Web beacons, which are pictures and other content from external servers that can be used to track whether recipients open the messages. Viewing e-mail messages that contain Web beacons p
    SV-18779r4_rule DTOO275 - Outlook MEDIUM Configure the "include Intranet" with Safe Zones for automatic picture downloads. Malicious e-mail senders can send HTML e-mail messages with embedded Web beacons, which are pictures and other content from external servers that can be used to track whether recipients open the messages. Viewing e-mail messages with Web beacons in them p
    SV-18838r1_rule DTOO240 - Outlook MEDIUM Disable the ability to displaly level 1 attachments in Outlook. To protect users from viruses and other harmful files, Outlook 2007 uses two levels of security, designated Level 1 and Level 2, to restrict access to files attached to e-mail messages or other items. Potentially harmful files can be classified into these
    SV-18840r3_rule DTOO270 - Outlook MEDIUM Display external content and pictures in HTML eMail - Outlook. Malicious e-mail senders can send HTML e-mail messages with embedded Web beacons, which are pictures and other content from external servers that can be used to track whether specific recipients open the message. Viewing an e-mail message that contains a
    SV-18842r1_rule DTOO227 - Outlook MEDIUM Disable the "do not allow creating, replying or forwarding of signatures' feature - Outlook By default, Outlook 2007 users can create and use signatures in e-mail messages. Users can add signatures to messages manually, and can also configure Outlook to automatically append signatures to new messages, to replies and forwards, or to all three. Si
    SV-18844r1_rule DTOO230 - Outlook MEDIUM Do not allow folders in non-default stores to be set as folder home pages - Outlook. Outlook 2007 allows users to designate Web pages as home pages for personal or public folders. When a user clicks on a folder, Outlook displays the home page the user has assigned to it. Although this feature provides the opportunity to create powerful pu
    SV-18846r1_rule DTOO233 - Outlook MEDIUM Do not allow Outlook Object Model scripts to run for public folders - Outlook. In Outlook 2007, folders can be associated with custom forms or folder home pages that include scripts that access the Outlook object model. These scripts can add functionality to the folders and items contained within, but dangerous scripts can pose secu
    SV-18848r1_rule DTOO232 - Outlook MEDIUM Do not allow Outlook Object Model scripts to run for shared folders - Outlook. In Outlook 2007, folders can be associated with custom forms or folder home pages that include scripts that access the Outlook object model. These scripts can add functionality to the folders and items contained within, but dangerous scripts can pose secu
    SV-18850r1_rule DTOO263 - Outlook MEDIUM Do not check eMail address against address of certificates being used - Outlook By default, when a user digitally signs a message, Outlook 2007 compares the user's e-mail address with the certificate used for signing. The user's e-mail address must appear in either the Subject field or the Subject Alternative Name field of the certif
    SV-18852r1_rule DTOO285 - Outlook MEDIUM Do not include Internet Calendar Integration in Outlook. The Internet Calendar feature in Outlook 2007 enables users to publish calendars online (using the webcal:// protocol) and subscribe to calendars that others have published. When users subscribe to an Internet calendar, Outlook queries the calendar at reg
    SV-18910r2_rule DTOO269 - Outlook MEDIUM Attachments using generated name for secure temporary folders - Outlook. The Secure Temporary Files folder is used to store attachments when they are opened in e-mail. By default, Outlook 2007 generates a random name for the Secure Temporary Files folder and saves it in the Temporary Internet Files folder. You can use this set
    SV-18912r1_rule DTOO280 - Outlook MEDIUM Require user Authentication with Exchange Server - Outlook Exchange Server supports the Kerberos authentication protocol and NTLM for authentication. The Kerberos protocol is the more secure authentication method and is supported on Windows 2000 Server and later versions. NTLM authentication is supported in pre-W
    SV-18916r2_rule DTOO278 - Outlook MEDIUM Automatically configure user profile based on Active Directory primary SMTP address - Outlook By default, if a user is joined to a domain in an Active Directory environment and does not have an e-mail account configured, Outlook 2007 populates the e-mail address field of the New Account Wizard with the primary SMTP address of the user who is curre
    SV-18918r1_rule DTOO284 - Outlook MEDIUM Automatically download Internet Calendar appointment attachments. Files attached to Internet Calendar appointments could contain malicious code that could be used to compromise a computer. By default, Outlook 2007 does not download attachments when retrieving Internet Calendar appointments. System AdministratorInformati
    SV-18920r1_rule DTOO271 - Outlook MEDIUM Disable automatic download content for email from people in Safe Senders and Safe reciipeint lists. Malicious e-mail senders can send HTML e-mail messages with embedded Web beacons, or pictures and other content from external servers that can be used to track whether specific recipients have opened a message. Viewing an e-mail message that contains a We
    SV-18935r1_rule DTOO222 - Outlook MEDIUM Junk email protection level for outlook The Junk E-mail Filter in Outlook 2007 is designed to intercept the most obvious junk e-mail, or spam, and send it to users' Junk E-mail folders. The filter evaluates each incoming message based on several factors, including the time when the message was
    SV-18946r1_rule DTOO229 - Outlook MEDIUM Make Outlook the default email, calendar, and contacts program. By default, Outlook 2007 is made the default program for E-mail, contacts, and calendar services when it is installed, although users can designate other programs as the default programs for these services. If another application is used to provide these
    SV-18948r1_rule DTOO260 - Outlook MEDIUM Enable messages formats are set to use SMime - Outlook. E-mail typically travels over open networks and is passed from server to server. Messages are therefore vulnerable to interception, and attackers might read or alter their contents. It is therefore important to have a mechanism for signing messages and pr
    SV-18950r2_rule DTOO268 - Outlook MEDIUM Enable the Missing Root Certificates warning - Outlook. When Outlook 2007 accesses a certificate, it validates that it can trust the certificate by examining the root certificate of the issuing CA. If the root certificate can be trusted, then certificates issued by the CA can also be trusted. If Outlook cannot
    SV-18958r1_rule DTOO239 - Outlook MEDIUM Configure Outlook Security Mode to use Policy settings. - Outlook. If users can configure security themselves, they might choose levels of security that leave their computers vulnerable to attack. By default, Outlook 2007 users can configure security for themselves, and Outlook ignores any security-related settings that
    SV-18960r1_rule DTOO228 - Outlook MEDIUM Disable Plain Text Options for outbound email - Outlook If outgoing mail is formatted in certain ways, for example if attachments are encoded in UUENCODE format, attackers might manipulate the messages for their own purposes. If UUENCODE formatting is used, an attacker could manipulate the encoded attachment t
    SV-18962r1_rule DTOO217 - Outlook MEDIUM Prevent publishing to a Web Distributed and Authoring (DAV) server - Outlook. By default, Outlook 2007 users can share their calendars with others by publishing them to a server that supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. Unlike the Microsoft Office Online Calendar Sharing Service, which
    SV-18964r1_rule DTOO216 - Outlook MEDIUM Prevent publishing calendars to Office Online. - Outlook By default, Outlook 2007 users can share their calendars with selected others by publishing them to the Microsoft Office Outlook Calendar Sharing Service. Users can control who can view their calendar and at what level of detail. If your organization has
    SV-18970r1_rule DTOO238 - Outlook MEDIUM Prevent users from customizing attachment security settings - Outlook All installed trusted COM addins can be trusted. Exchange Settings for the addins still override if present and this option is selected.System AdministratorInformation Assurance Officer
    SV-18978r1_rule DTOO214 - Outlook MEDIUM Read EMail as plain text - Outlook. Outlook 2007 can display e-mail messages and other items in three formats: plain text, Rich Text Format (RTF), and HTML. By default, Outlook displays e-mail messages in whatever format they were received in. System AdministratorInformation Assurance Offic
    SV-18980r1_rule DTOO215 - Outlook MEDIUM Read signed email as plain text. Outlook 2007 can display e-mail messages and other items in three formats: plain text, Rich Text Format (RTF), and HTML. By default, Outlook displays digitally signed e-mail messages in the format they were received in. System AdministratorInformation Ass
    SV-18985r2_rule DTOO244 - Outlook MEDIUM Do not Remove file extensions blocked as level 1. Malicious code is often spread through e-mail. Some viruses have the ability to send copies of themselves to other people in the victim's Address Book or Contacts list, and such potentially harmful files can affect the computers of unwary recipients.Syste
    SV-18988r2_rule DTOO245 - Outlook MEDIUM Do not remove file extensions blocked as level 2 - Outlook. Malicious code is often spread through e-mail. Some viruses have the ability to send copies of themselves to other people in the victim's Address Book or Contacts list, and such potentially harmful files can affect the computers of unwary recipients. Outl
    SV-18990r1_rule DTOO218 - Outlook MEDIUM Restrict level of calendar details that a user can publish - Outlook. By default, Outlook 2007 users can share their calendars with selected others by publishing them to the Microsoft Office Outlook Calendar Sharing Service. Users can choose from three levels of detail: • Availability only. Authorized visitors will see th
    SV-18992r1_rule DTOO220 - Outlook MEDIUM Restrict upload method for publishing calendars to Office Online - Outlook. By default, when users publish their calendar to Microsoft Office Online using the Microsoft Office Outlook Calendar Sharing Service, Outlook 2007 updates the calendars online at regular intervals unless they click Advanced and select Single Upload: Updat
    SV-18995r1_rule DTOO267 - Outlook MEDIUM Configure "retrieving Certificate Revokation List" (CRL) data - Outlook Certificate revocation lists (CRLs) are lists of digital certificates that have been revoked by their controlling certificate authorities (CAs), typically because the certificates were issued improperly or their associated private keys were compromised. B
    SV-19005r1_rule DTOO262 - Outlook MEDIUM Run in FIPS compliant mode - Outlook. Outlook 2007 can run in a mode that complies with Federal Information Processing Standards (FIPS), a set of standards published by the National Institute of Standards and Technology (NIST) for use by non-military United States government agencies and by g
    SV-19010r1_rule DTOO257 - Outlook MEDIUM No S/Mime interoperability with external clients for message handling. In some situations, administrators might wish to use an external program, such as an add-in, to handle S/MIME message decryption. If your organization works with encrypted messages that the decryption functionality in Outlook 2007 cannot handle appropriat
    SV-19012r1_rule DTOO258 - Outlook MEDIUM Configure S/Mime password setting - default S/Mime password time Key Management Server (KMS) was a product that could be integrated with certain versions of Microsoft Exchange Server prior to Exchange 2000 SP2. Users must supply a password to use certificates issued by KMS to sign or decrypt e-mail messages. When Outlo
    SV-19014r1_rule DTOO259 - Office MEDIUM Enable the feature and configure the maximum S/Mime password time setting. Key Management Server (KMS) was a product that could be integrated with certain versions of Microsoft Exchange Server prior to Exchange 2000 SP2. Users must supply a password to use certificates issued by KMS to sign or decrypt e-mail messages. When Outlo
    SV-19018r1_rule DTOO266 - Outlook MEDIUM Enable security feature to never automatically send s/Mime receipt requests. Incoming signed or encrypted messages might include S/MIME receipt requests. S/MIME receipts provide confirmation that messages are received unaltered, and can include information about who opened the message and when it was opened. By default, when users
    SV-19023r1_rule DTOO276 - Outlook MEDIUM Create settings to Always warn on untrusted macros - Outlook. To protect users from dangerous code, the Outlook 2007 default configuration disables all macros that are not trusted, including unsigned macros, macros with expired or invalid signatures, and macros with valid signatures from publishers who are not on us
    SV-19026r1_rule DTOO264 - Outlook MEDIUM Configure to send all signed messages as clear signed messages - Outlook. By default, when users sign e-mail messages with their digital signature and send them, Outlook 2007 uses the signature's private key to encrypt the digital signature but sends the messages as clear text, unless they are encrypted separately. If users cha
    SV-19028r1_rule DTOO248 - Base MEDIUM Set Control Item property prompt for data, to automatically deny. When a control on a custom Outlook 2007 form is bound directly to any of the Address Information fields, the form code can indirectly retrieve the value of the Address Information field by obtaining the Value property of the control. If the custom form wa
    SV-19030r1_rule DTOO247 - Outlook MEDIUM Set custom Outlook Object Model (OOM) action execution prompt - Outlook. Custom actions add functionality to Outlook 2007 that can be triggered as part of a rule. Among other possible features, custom actions can be created that reply to messages in ways that circumvent the Outlook model's programmatic send protections. By def
    SV-19032r1_rule DTOO265 - Outlook MEDIUM Set security feature to always warn about invalid signature - Outlook. By default, if users open e-mail messages that include invalid digital signatures, Outlook 2007 displays a warning dialog box. Users can decide whether they want to be warned about invalid signatures in the future. If users are not notified about invalid
    SV-19038r1_rule DTOO281 - Outlook MEDIUM RSS feed synchronization with Common Feed List - Outlook. The Common Feed list is a hierarchical set of RSS feeds to which clients such as Outlook 2007, the Feeds list in Internet Explorer 7, and the Feed Headlines Sidebar gadget in Windows Vista can subscribe. If Outlook subscribes to a very large feed list, pe
    SV-19040r1_rule DTOO223 - Outlook MEDIUM Trust EMail from senders in receiver's contact list - Outlook. By default, e-mail addresses in users' Contacts list are treated as safe senders for purposes of filtering junk e-mail. If this configuration is changed, e-mail from users' Contacts might be misclassified as junk and cause important information to be lost
    SV-19042r2_rule DTOO282 - Outlook MEDIUM Enable the "turn off RSS Feeds" feature in Outlook. By default, users can subscribe to RSS feeds from within Outlook 2007 and read RSS items like e-mail messages. If your organization has policies that govern the use of external resources such as RSS feeds, allowing users to subscribe to the RSS feed in Ou
    SV-19050r1_rule DTOO231 - Outlook MEDIUM Disable the feature that uses Unicode when dragging eMail message to file system - Outlook. By default, when users drag e-mail messages from Outlook 2007 to a Windows Explorer window or to their Desktop, Outlook creates a .msg file using the native character encoding format for the configured locale (the so-called "ANSI" format). If this setting
    SV-32370r3_rule DTOO287 HIGH An unsupported Microsoft Office version must not be installed. Failure to install the most current Office version leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If Microsoft Office installation is not at the most current version and service pack
    SV-55983r2_rule DTOO425 CCI-000366 MEDIUM Text in Outlook that represents Internet and network paths must not be automatically turned into hyperlinks. The ability of Outlook to automatically turn text that represents Internet and network paths into hyperlinks would allow users to click on those hyperlinks in email messages and access malicious or otherwise harmful websites.System AdministratorInformatio