Title

Disable Trust Bar Notification for unsigned application add-ins - InfoPath (Cat II impact)

Discussion

By default, if an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Security Criteria: If the value NoTBPromptUnsignedAddin is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins” will be set to “Enabled”.

Additional Identifiers

Rule ID: SV-18221r1_rule

Vulnerability ID: V-17187

Group Title: DTOO131 - Trust Bar Notifications

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.