Check: O365-OU-000004
Microsoft Office 365 ProPlus STIG:
O365-OU-000004
(in versions v2 r11 through v2 r3)
Title
Scripts associated with shared folders must be prevented from execution in Outlook. (Cat II impact)
Discussion
This policy setting controls whether Outlook executes scripts associated with custom forms or folder home pages for shared folders.
Check Content
Verify the policy for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Other >> Advanced >> Do not allow Outlook object model scripts to run for shared folders is set to "Enabled". Use the Windows Registry to navigate to the following key: HKCU\software\policies\microsoft\office\16.0\outlook\security If the value for sharedfolderscript is set to REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Outlook Options >> Other >> Advanced >> Do not allow Outlook object model scripts to run for shared folders to "Enabled".
Additional Identifiers
Rule ID: SV-223349r879630_rule
Vulnerability ID: V-223349
Group Title: SRG-APP-000210
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |