STIGQter STIGQter: STIG Summary: Microsoft Office 365 ProPlus Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

ActiveX Controls must be initialized in Safe Mode.

DISA Rule

SV-223288r508019_rule

Vulnerability Number

V-223288

Group Title

SRG-APP-000488

Rule Version

O365-CO-000005

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings "ActiveX Control Initialization" to "Enabled + 6".

Check Contents

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings "ActiveX Control Initialization" is set to "Enabled (If SFI, load the control in safe mode and use persisted values (if any). If not SFI, prompt the user and advise them that it is marked unsafe. If the user chooses No at the prompt, do not load the control. Otherwise, load it with persisted values.)

Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\Common\Security

If the value UFIControls exists, this is a finding.

Vulnerability Number

V-223288

Documentable

False

Rule Version

O365-CO-000005

Severity Override Guidance

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2016 >> Security Settings "ActiveX Control Initialization" is set to "Enabled (If SFI, load the control in safe mode and use persisted values (if any). If not SFI, prompt the user and advise them that it is marked unsafe. If the user chooses No at the prompt, do not load the control. Otherwise, load it with persisted values.)

Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\Common\Security

If the value UFIControls exists, this is a finding.

Check Content Reference

M

Target Key

4099

Comments