DTOO246 - Scripts in One-Off Outlook forms must be disallowed.

Information

Malicious code can be included within Outlook forms, and such code could be executed when users open the form. By default, Outlook does not run scripts in forms in which the script and the layout are contained within the message.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security -> Security Form Settings -> Custom Form Security 'Allow scripts in one-off Outlook forms' to 'Disabled'.

See Also

https://iasecontent.disa.mil/stigs/zip/U_MS_Outlook_2013_V1R13_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4), CAT|II, CCI|CCI-001170, Rule-ID|SV-53993r1_rule, STIG-ID|DTOO246, Vuln-ID|V-17562

Plugin: Windows

Control ID: 6baa09499e1811a893289011d156a19d1ec8dafc4faf3b41e47a7c03c0cbb24c