Disable Fully Trusted Solutions access to computers

Disable Fully Trusted Solutions access to computers - InfoPath

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17658	DTOO159 - InfoPath	SV-18812r1_rule	ECSC-1	Medium

Description
By default, InfoPath 2007 users can choose whether to allow trusted forms to run on their computers. The Full Trust security level allows a form to access local system resources, such as COM components or files on users' computers, and suppresses certain security prompts. It can only be used with forms that are installed on users' computers or with forms using a form template that is digitally signed with a trusted root certificate. As with any security model that allows trusted entities to operate with fewer security controls, if a form with malicious content is marked as fully trusted it could be used to compromise information security or affect users' computers.

Description

By default, InfoPath 2007 users can choose whether to allow trusted forms to run on their computers. The Full Trust security level allows a form to access local system resources, such as COM components or files on users' computers, and suppresses certain security prompts. It can only be used with forms that are installed on users' computers or with forms using a form template that is digitally signed with a trusted root certificate. As with any security model that allows trusted entities to operate with fewer security controls, if a form with malicious content is marked as fully trusted it could be used to compromise information security or affect users' computers.

STIG	Date
Microsoft InfoPath 2007	2015-10-02

Details

Check Text ( C-18929r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> “Disable fully trusted solutions full access to computer” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Security\ Criteria: If the value RunFullTrustSolutions is REG_DWORD = 0, this is not a finding.

Check Text ( C-18929r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> “Disable fully trusted solutions full access to computer” will be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Security\

Criteria: If the value RunFullTrustSolutions is REG_DWORD = 0, this is not a finding.

Fix Text (F-17556r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> “Disable fully trusted solutions full access to computer” will be set to “Enabled”.