UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Disabling opening forms with managed code from the Internet security zone must be configured.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26620 DTOO296 SV-53392r1_rule Medium
Description
When InfoPath solutions are opened locally, the location of the form is checked so that updates to the form can be downloaded. If a user saves a form locally from a location on the Internet and then opens the same form from another location on the Internet, the cache will be updated with the new location information. If the user then opens the first form from its saved location, there will be a mismatch between the locally saved form and the locally cached form. This situation would typically happen when developers move forms to a new location, but if there is no warning when the cached location is used, it could be misused by an attacker attempting to redirect the forms to a new location. This type of attack is a form of beaconing. By default, if the location information in the cached form and the saved form to not match, the form cannot be opened without prompting the user for consent.
STIG Date
Microsoft InfoPath 2013 STIG 2018-04-03

Details

Check Text ( C-47633r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> Security "Disable opening forms with managed code from the Internet security zone" must be set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\InfoPath\security

Criteria: If the value RunManagedCodeFromInternet is REG_DWORD = 1, this is not a finding.
Fix Text (F-46316r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> Security "Disable opening forms with managed code from the Internet security zone" to "Enabled".