DTOO323 - The Publisher Automation Security Level must be configured for high security.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

When a separate application is used to launch Publisher 2013 programmatically, any macros can run in the programmatically-opened application without being blocked. Disabling or not configuring this setting could allow a malicious user to use automation to run malicious code in Publisher 2013.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2013 -> Security 'Publisher Automation Security Level' to 'Enabled and High (Disabled)' is selected.

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_MicrosoftPublisher2013_V1R4_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-53256r1_rule, STIG-ID|DTOO323, Vuln-ID|V-26708

Plugin: Windows

Control ID: 4c22a209f627e3d0373dad87cca16192a1d9ac8409fa4f736f6429f784afabd1