Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40743 | DTOO305 | SV-52801r1_rule | Medium |
Description |
---|
This policy setting controls whether Office 2013 applications load any custom user interface (UI) code included with a document or template. Office 2013 allows developers to extend the UI with customization code that is included in a document or template. If this policy setting is enabled, Office 2013 applications cannot load any UI customization code included with documents and templates. If this policy setting is disabled or not configured, Office 2013 applications load any UI customization code included with a document or template when opening it, leaving the Office 2013 application susceptible to malicious code. |
STIG | Date |
---|---|
Microsoft Visio 2013 STIG | 2013-12-12 |
Check Text ( C-47130r3_chk ) |
---|
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Global Options -> Customize -> "Disable UI extending from documents and templates" is set to "Enabled" and "Disallow in Visio" is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\common\toolbars\Visio Criteria: If the value noextensibilitycustomizationfromdocument is REG_DWORD = 1, this is not a finding. |
Fix Text (F-45727r2_fix) |
---|
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Global Options -> Customize -> "Disable UI extending from documents and templates" to "Enabled". Select the policy option for "Disallow in Visio". |