V-17187 | Medium | Trust Bar Notifications for unsigned application add-ins must be blocked. | If an application is configured to require all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar... |
V-17184 | Medium | Links that invoke instances of IE from within an Office product must be blocked. | The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of... |
V-17183 | Medium | Navigation to URL's embedded in Office products must be blocked. | To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by... |
V-26707 | Medium | Fatally corrupt files must be blocked from opening. | Enabling this setting allows users to open fatally corrupt Publisher 2010 files. As a result, malicious code or users could become active on user computers or the network. For example, a... |
V-17173 | Medium | Disabling of user name and password syntax from being used in URLs must be enforced. | The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to... |
V-17545 | Medium | Warning Bar settings for VBA macros must be configured. | When users open files containing VBA Macros, applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users... |
V-17174 | Medium | Enabling IE Bind to Object functionality must be present. | Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the... |
V-17175 | Medium | Saved from URL mark to assure Internet zone processing must be enforced. | Typically, when Internet Explorer loads a Web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indicating the page was saved from a site on the... |
V-26589 | Medium | Application add-ins must be signed by Trusted Publisher. | Office 2010 applications do not check the digital signature on application add-ins before opening them. Disabling or not configuring this setting may allow an application to load a dangerous... |
V-26588 | Medium | Scripted Window Security must be enforced. | Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not... |
V-26625 | Medium | Disable UI extending from documents and templates must be disallowed. | Office 2010 allows developers to extend the UI with customization code that is included in a document or template. If the customization code is written by an inexperienced or malicious developer,... |
V-26590 | Medium | Data Execution Prevention must be enforced. | Data Execution Prevention (DEP) is a set of hardware and software technologies performing additional checks on memory to help prevent malicious code from running on a system. The primary benefit... |
V-26708 | Medium | The Publisher Automation Security Level must be configured for high security. | When a separate application is used to launch Publisher 2010 programmatically, any macros can run in the programmatically-opened application without being blocked. Disabling or not configuring... |
V-26587 | Medium | File Downloads must be configured for proper restrictions. | Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferences may also allow the download to occur... |
V-26586 | Medium | ActiveX Installs must be configured for proper restriction. | Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or... |
V-26585 | Medium | Protection from zone elevation must be enforced. | Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine... |
V-26584 | Medium | Add-on Management functionality must be allowed. | Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring... |