UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Disable UI extending from documents and templates must be disallowed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26625 DTOO305 - Word SV-33812r1_rule ECSC-1 Medium
Description
Office 2010 allows developers to extend the UI with customization code that is included in a document or template. If the customization code is written by an inexperienced or malicious developer, it could limit the accessibility or availability of important application commands. Commands could also be added to launch macros containing malicious code. Office applications load any UI customization code included with a document or template when opening it.
STIG Date
Microsoft Word 2010 2014-01-07

Details

Check Text ( C-34186r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Global Options -> Customize “Disable UI extending from documents and templates” must be “Enabled" and "Disallow in Word" selected.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\common\toolbars\word

Criteria: If the value NoExtensibilityCustomizationFromDocument is REG_DWORD = 1, this is not a finding.
Fix Text (F-29875r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Global Options -> Customize “Disable UI extending from documents and templates” to “Enabled" and select "Disallow in Word".