Details

Third-party ActiveX controls are not allowed to run in one-off forms in Outlook. This behavior can be changed so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipient and Body controls) are allowed in one-off forms, or so that all ActiveX controls are allowed to run.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security ‘Allow Active X One Off Forms’ to ‘Enabled: Load only Outlook Controls’.

Supportive Information

The following resource is also helpful.

• https://iasecontent.disa.mil/stigs/zip/U_MS_Outlook_2013_V1R13_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(4)
• CAT|II
• CCI|CCI-001170
• Rule-ID|SV-53915r1_rule
• STIG-ID|DTOO234
• Vuln-ID|V-17559

Source

• Tenable.com/audits