Check: DTOO276
Microsoft Outlook 2016 STIG:
DTOO276
(in versions v2 r3 through v1 r1)
Title
Always warn on untrusted macros must be enforced. (Cat II impact)
Discussion
This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handling macros in Outlook: - Always warn. This option corresponds to the "Warnings for all macros" option in the "Macro Security" section of the Outlook Trust Center. Outlook disables all macros that are not opened from a trusted location, even if the macros are signed by a trusted publisher. For each disabled macro, Outlook displays a security alert dialog box with information about the macro and its digital signature (if present), and allows users to enable the macro or leave it disabled. - Never warn, disable all. This option corresponds to the "No warnings and disable all macros" option in the Trust Center. Outlook disables all macros that are not opened from trusted locations, and does not notify users. - Warning for signed, disable unsigned. This option corresponds to the "Warnings for signed macros; all unsigned macros are disabled" option in the Trust Center. Outlook handles macros as follows: --If a macro is digitally signed by a trusted publisher, the macro can run if the user has already trusted the publisher. --If a macro has a valid signature from a publisher that the user has not trusted, the security alert dialog box for the macro lets the user choose whether to enable the macro for the current session, disable the macro for the current session, or to add the publisher to the Trusted Publishers list so that it will run without prompting the user in the future. --If a macro does not have a valid signature, Outlook disables it without prompting the user, unless it is opened from a trusted location. This option is the default configuration in Outlook. - No security check. This option corresponds to the "No security check for macros (Not recommended)" option in the Trust Center. Outlook runs all macros without prompting users. This configuration makes users' computers vulnerable to potentially malicious code and is not recommended. If you disable or do not configure this policy setting, the behavior is the equivalent of Enabled -- Warning for signed, disable unsigned.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Trust Center "Security setting for macros" is set to "Enabled (Warn for signed, disable unsigned)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\outlook\security Criteria: If the value Level is REG_DWORD = 3, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security -> Trust Center "Security setting for macros" to "Enabled (Warn for signed, disable unsigned)".
Additional Identifiers
Rule ID: SV-228464r508021_rule
Vulnerability ID: V-228464
Group Title: SRG-APP-000207
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
Number | Title |
---|---|
SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |