DTOO234 – ActiveX One-Off forms must be configured.

Details

By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipient and Body controls) are allowed in one-off forms, or so that all ActiveX controls are allowed to run.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Security ‘Allow Active X One Off Forms’ to ‘Enabled: Load only Outlook Controls’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Outlook_2016_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-18(4)
CAT|II
CCI|CCI-001170
Rule-ID|SV-228435r508021_rule
STIG-ID|DTOO234
STIG-Legacy|SV-85773
STIG-Legacy|V-71149
Vuln-ID|V-228435

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles