Details
This policy setting allows you to turn on and off Data Execution Prevention (DEP) for
Outlook. DEP is a set of hardware and software technologies that perform additional checks
on memory to help prevent malicious code from running on a system. The primary benefit
of DEP is to help prevent code execution from data pages. If you enable this policy setting,
you will turn off DEP for Outlook. If you disable or do not configure this policy setting, you
will turn on DEP for Outlook. The recommended state for this setting is- Disabled.
*Rationale*
Enabling this setting turns off Data Execution Prevention (DEP) for Access 2010. As a
result, malicious code that takes advantage of code injection or buffer overflow
vulnerabilities could exploit the computer.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Disabled.
User ConfigurationAdministrative TemplatesMicrosoft Outlook 2010SecurityTrust
CenterTurn off Data Execution Prevention
Impact-With DEP enabled, every time memory is accessed, the location is checked to ensure that
any code that executes does so in a code area and not a data area of memory. The extra
checks incur a small overhead because DEP is supported at the hardware level by all recent
Intel and AMD processors. Note DEP may cause compatibility issues with some older
applications.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.