Check: DTOO276 - Outlook
Microsoft Outlook 2010 STIG:
DTOO276 - Outlook
(in versions v1 r13 through v1 r12)
Title
Always warn on untrusted macros must be enforced. (Cat II impact)
Discussion
To protect users from dangerous code, the Outlook default configuration disables all macros that are not trusted, including unsigned macros, macros with expired or invalid signatures, and macros with valid signatures from publishers who are not on users' Trusted Publishers lists. The default configuration also allows macros that are signed by trusted publishers to run automatically without notifying users, which could allow dangerous code to run.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Security setting for macros” must be “Enabled (Always warn)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value Level is REG_DWORD = 2, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Trust Center “Security setting for macros” to “Enabled (Always warn)”.
Additional Identifiers
Rule ID: SV-33598r1_rule
Vulnerability ID: V-17798
Group Title: DTOO276 - Security settings for macros
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
| Number | Title |
|---|---|
| SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |