An error occurred:

Check: DTOO234 - Outlook

Microsoft Outlook 2010 STIG: DTOO234 - Outlook (in versions v1 r13 through v1 r12)

Title

Active X One-Off forms must be configured. (Cat II impact)

Discussion

Third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipient and Body controls) are allowed in one-off forms, or so that all ActiveX controls are allowed to run.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Allow Active X One Off Forms” must be set to “Enabled: Load only Outlook Controls”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value AllowActiveXOneOffForms is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Allow Active X One Off Forms” to “Enabled: Load only Outlook Controls”.

Additional Identifiers

Rule ID: SV-33523r1_rule

Vulnerability ID: V-17559

Group Title: DTOO234 - Active X One-Off Forms

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001170

The information system prevents the automatic execution of mobile code in organization-defined software applications.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18 (4)

Prevent Automatic Execution