O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not configuring this setting allows unknown websites to:
- Create browser windows appearing to be from the local operating system.
- Draw active windows displaying outside of the viewable areas of the screen capturing keyboard input.
- Overlay parent windows with their own browser windows to hide important system information, choices, or prompts.

Solution

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security >>Scripted Window Security Restrictions to 'Enabled' and select the check boxes for all installed Office programs.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Office_365_ProPlus_V2R12_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001695, Rule-ID|SV-223308r879573_rule, STIG-ID|O365-CO-000026, STIG-Legacy|SV-108795, STIG-Legacy|V-99691, Vuln-ID|V-223308

Plugin: Windows

Control ID: fa8a2d8a05eacc8e03d9b405d363acae9fc05f04999ecb1551922d7f63ac1ddc