Title

Enable Warning Bar settings for VBA macros contained in WordFiles. (Cat II impact)

Discussion

By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users can inspect and edit the files if appropriate, but users cannot use any disabled functionality until they enable it by clicking Options on the Trust Bar and selecting the appropriate action. If users enable dangerous macros, it could affect their computers or cause sensitive information to be compromised.

Check Content

NOTE: If VBA support is not installed, this check is Not Applicable. The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center “VBA Macro Warning Settings” will be set to “Enabled (Trust Bar warning for all macros)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Word 2007 -> Word Options -> Security -> Trust Center “VBA Macro Warning Settings” will be set to “Enabled (Trust Bar warning for all macros)”.

Additional Identifiers

Rule ID: SV-18636r2_rule

Vulnerability ID: V-17545

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.