Skip to content

Scripted Windows Security restrictions must be enabled in all Office programs.

An XCCDF Rule

Description

<VulnDiscussion>Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not configuring this setting allows unknown websites to: - Create browser windows appearing to be from the local operating system. - Draw active windows displaying outside of the viewable areas of the screen capturing keyboard input. - Overlay parent windows with their own browser windows to hide important system information, choices, or prompts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-223308r879573_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2016 (Machine) >> Security Settings >> IE Security >>Scripted Window Security Restrictions to "Enabled" and select the check boxes for  all installed Office programs.