Check: O365-OU-000003
Microsoft Office 365 ProPlus STIG:
O365-OU-000003
(in versions v2 r11 through v2 r3)
Title
Scripts associated with public folders must be prevented from execution in Outlook. (Cat II impact)
Discussion
This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders.
Check Content
Verify the policy for Microsoft Outlook 2016 >> Outlook Options >> Other >> Advanced >> Do not allow Outlook object model scripts to run for public folders is set to "Enabled". Use the Windows Registry to navigate to the following key: HKCU\software\policies\microsoft\office\16.0\outlook\security If the value for publicfolderscript is set to REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Other >> Advanced >> Do not allow Outlook object model scripts to run for public folders to "Enabled".
Additional Identifiers
Rule ID: SV-223348r879630_rule
Vulnerability ID: V-223348
Group Title: SRG-APP-000210
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |