The Add-In Trust Level must be configured.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17566	DTOO236 - Outlook	SV-33932r1_rule	ECSC-1	Medium

Description
Under normal circumstances the installed COM add-ins are applications that have been approved and intentionally deployed by the organization and therefore they should not pose a security threat. However, if malware has infected systems it is possible that the malware will use the COM add-in feature to perform unauthorized actions. This setting enforces the default configuration, and therefore is unlikely to cause significant usability issues for most users.

Description

Under normal circumstances the installed COM add-ins are applications that have been approved and intentionally deployed by the organization and therefore they should not pose a security threat. However, if malware has infected systems it is possible that the malware will use the COM add-in feature to perform unauthorized actions. This setting enforces the default configuration, and therefore is unlikely to cause significant usability issues for most users.

STIG	Date
Microsoft Outlook 2010	2015-09-18

Details

Check Text ( None )
None

Fix Text (F-30010r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Configure Add-In Trust Level” to “Enabled (Trust all loaded and installed COM addins)”.