Information
This policy setting permits VBA to load typelib references by explicit path read from the project data if that path points to an intranet location that is not explicitly in the system trusted sites list.
If this policy setting is enabled, VBA will treat intranet paths like local machine paths, and therefore VBA will attempt to search for unregistered references in intranet locations that are not local machine or in the system's trusted sites list.
The recommended state for this setting is: Disabled.
Rationale:
The Visual Basic Application language can be abused by manipulating typelib references stored in untrusted locations. By preventing a user from overriding the default security settings this prevents a change to an unsecure state where harmful software could be more easily executed on a system.
Impact:
None - this policy enforces the default configuration.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
User Configuration\Administrative Templates\Microsoft Office 2016\Security Settings\Allow VBA to load typelib references by path from untrusted intranet locations
Default Value:
Disabled.