Title

Create settings to Always warn on untrusted macros - Outlook. (Cat II impact)

Discussion

To protect users from dangerous code, the Outlook 2007 default configuration disables all macros that are not trusted, including unsigned macros, macros with expired or invalid signatures, and macros with valid signatures from publishers who are not on users' Trusted Publishers lists. The default configuration also allows macros that are signed by trusted publishers to run automatically without notifying users, which could allow dangerous code to run

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Trust Center “Security setting for macros” will be set to “Enabled (Always warn)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security Criteria: If the value Level is REG_DWORD = 2, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Outlook 2007 -> Security -> Trust Center “Security setting for macros” will be set to “Enabled (Always warn)”.

Additional Identifiers

Rule ID: SV-19023r1_rule

Vulnerability ID: V-17798

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.