
Publisher must be configured to prompt the user when another application programmatically opens a macro.


Overview

Finding ID: V-223390
Version: O365-PU-000001
Rule ID: SV-223390r508019_rule
IA Controls:
Severity: Medium
Description
This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification. This policy setting only applies if you enable the "Require that application add-ins are signed by Trusted Publisher" policy setting, which prevents users from changing this policy setting. If you enable this policy setting, applications automatically disable unsigned add-ins without informing users. If you disable this policy setting and the application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in. If you do not configure this policy setting, the disable behavior applies, and in addition, users can configure this requirement themselves in the "Add-ins" category of the Trust Center for the application.
STIG: Microsoft Office 365 ProPlus Security Technical Implementation Guide
Date: 2021-03-22

Details

Check Text (C-25063r442389_chk)
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Publisher 2016 >> Security >> Publisher Automation Security Level is set to "Enabled" "By UI (prompted)".

Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\microsoft\office\common\security

If the value automationsecuritypublisher is REG_DWORD = 0, this is not a finding.
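
The registry check above can be scripted; the following PowerShell is an added example, not part of the STIG text. It assumes it runs in the session of the user being assessed (the key is under HKCU), and the function name Test-PublisherAutomationSecurity is hypothetical.

```powershell
# Added example; the function name is hypothetical. The key path, value name and
# expected data (REG_DWORD = 0) are taken from the check text above.
function Test-PublisherAutomationSecurity {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKCU:\software\policies\microsoft\office\common\security',
        [string]$ValueName = 'automationsecuritypublisher',
        [int]$Expected     = 0
    )

    $result = [ordered]@{
        Key = $KeyPath; Value = $ValueName; Kind = $null; Data = $null
        Finding = $true; Reason = $null
    }

    # A missing key means the policy was never applied to this user.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $result.Reason = 'Policy key does not exist (setting not configured).'
        return [pscustomobject]$result
    }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = 'Value is not present under the policy key.'
        return [pscustomobject]$result
    }

    # Check the registry type as well as the data: the check text requires REG_DWORD.
    $result.Kind = $key.GetValueKind($ValueName)
    $result.Data = $key.GetValue($ValueName)

    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value is $($result.Kind), expected REG_DWORD."
    } elseif ($result.Data -ne $Expected) {
        $result.Reason = "Value data is $($result.Data), expected $Expected."
    } else {
        $result.Finding = $false
        $result.Reason  = 'Matches the check text: not a finding.'
    }
    [pscustomobject]$result
}

Test-PublisherAutomationSecurity | Format-List
```

The returned object reports a finding for a missing key, a missing value, a non-DWORD type or different data, so the output can be collected per user and exported for review.
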
Fix Text (F-25051r442390_fix)
Set the policy value for User Configuration >> Administrative Templates >> Microsoft Publisher 2016 >> Security >> Publisher Automation Security Level to "Enabled" "By UI (prompted)".