Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Outlook 2013 STIG
DTOO256 - Trusted Add-Ins Security
DTOO256 - Trusted Add-Ins Security
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
DTOO256 - Trusted Add-Ins Security
1 Rule
<GroupDescription></GroupDescription>
Trusted add-ins behavior for email must be configured.
Medium Severity
<VulnDiscussion>The Outlook object model includes entry points to access Outlook data, save data to specified locations, and send email messages, all of which can be used by malicious application developers. To help protect these entry points, the Object Model Guard warns users and prompts them for confirmation when untrusted code, including add-ins, attempts to use the object model to obtain email address information, store data outside of Outlook, execute certain actions, and send email messages. To reduce excessive security warnings when add-ins are used, administrators can specify a list of trusted add-ins that can access the Outlook object model silently, without raising prompts. This trusted add-in list should be treated with care, because a malicious add-in could access and forward sensitive information if added to the list.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>