Title

The Publisher Automation Security Level must be configured for high security. (Cat II impact)

Discussion

When a separate application is used to launch Publisher 2013 programmatically, any macros can run in the programmatically-opened application without being blocked. Disabling or not configuring this setting could allow a malicious user to use automation to run malicious code in Publisher 2013.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2013 -> Security "Publisher Automation Security Level" is set to "Enabled and High (Disabled)" is selected. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\Common\Security Criteria: If the value AutomationSecurityPublisher is REG_DWORD = 3, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2013 -> Security "Publisher Automation Security Level" to "Enabled and High (Disabled)" is selected.

Additional Identifiers

Rule ID: SV-53256r1_rule

Vulnerability ID: V-26708

Group Title: DTOO323 - Publisher Automation Security Level

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.