Title

Enable Warning Bar settings for VBA macros contained in Excel Files. (Cat II impact)

Discussion

By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users can inspect and edit the files if appropriate, but cannot use any disabled functionality until they enable it by clicking Options on the Trust Bar and selecting the appropriate action. If users enable dangerous macros, it could affect their computers or cause sensitive information to be compromised.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Excel 2007 -> Excel Options -> Security -> Trust Center “VBA macro warning settings” will be set to “Enabled (Trust Bar warning for all macros)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Excel\Security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Excel 2007 -> Excel Options -> Security -> Trust Center “VBA macro warning settings” will be set to “Enabled (Trust Bar warning for all macros)”.

Additional Identifiers

Rule ID: SV-18638r1_rule

Vulnerability ID: V-17545

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.