An error occurred:

Check: DTOO127 - Publisher

Microsoft Publisher 2010 STIG: DTOO127 - Publisher (in versions v1 r11 through v1 r9)

Title

Application add-ins must be signed by Trusted Publisher. (Cat II impact)

Discussion

Office 2010 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous add-in. As a result, malicious code could become active on user computers or the network.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher" must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security -> Trust Center “Require that application add-ins are signed by Trusted Publisher" to “Enabled”.

Additional Identifiers

Rule ID: SV-33929r1_rule

Vulnerability ID: V-26589

Group Title: DTOO127 - Add-ins are signed by Trusted Publisher

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001749

The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5 (3)

Signed Components