An error occurred:

Check: DTOO323 - Publisher

Microsoft Publisher 2010 STIG: DTOO323 - Publisher (in versions v1 r11 through v1 r9)

Title

The Publisher Automation Security Level must be configured for high security. (Cat II impact)

Discussion

When a separate application is used to launch Publisher 2010 programmatically, any macros can run in the programmatically-opened application without being blocked. Disabling or not configuring this setting could allow a malicious user to use automation to run malicious code in Publisher 2010.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security “Publisher Automation Security Level” must be set to “Enabled and High (Disabled)" is selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\Common\Security Criteria: If the value AutomationSecurityPublisher is REG_DWORD = 3, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security “Publisher Automation Security Level” to “Enabled and High (Disabled)" is selected.

Additional Identifiers

Rule ID: SV-34093r1_rule

Vulnerability ID: V-26708

Group Title: DTOO323 - Publisher Automation Security Level

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001170

The information system prevents the automatic execution of mobile code in organization-defined software applications.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-18 (4)

Prevent Automatic Execution