Check: DTOO236 - Outlook
Microsoft Outlook 2010 STIG:
DTOO236 - Outlook
(in versions v1 r13 through v1 r12)
Title
The Add-In Trust Level must be configured. (Cat II impact)
Discussion
Under normal circumstances the installed COM add-ins are applications that have been approved and intentionally deployed by the organization and therefore they should not pose a security threat. However, if malware has infected systems it is possible that the malware will use the COM add-in feature to perform unauthorized actions. This setting enforces the default configuration, and therefore is unlikely to cause significant usability issues for most users.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Configure Add-In Trust Level” must be set to “Enabled (Trust all loaded and installed COM addins)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AddinTrust is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Configure Add-In Trust Level” to “Enabled (Trust all loaded and installed COM addins)”.
Additional Identifiers
Rule ID: SV-33932r1_rule
Vulnerability ID: V-17566
Group Title: DTOO236 - Add-In Trust Level
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |