2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - Publisher

Information

This policy setting controls whether Office applications load any custom user interface (UI) code included with a document or template. Office allows developers to extend the UI with customization code that is included in a document or template. The recommended state for this setting is: Enabled. The Office 2016 release allows developers to extend the UI with customization code that is included in a document or template. If the customization code is written by an inexperienced or malicious developer, it could limit the accessibility or availability of important application commands. Commands could also be added that launch macros that contain malicious code. By default, Office applications load any UI customization code included with a document or template when opening it.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Office 2016\Global Options\Customize\Disable UI Extending from Documents and Templates Impact: Enabling this setting will prevent developers from using documents and templates to extend the UI, which some organizations do to increase user productivity. If your organization makes use of a modified UI, it might not be feasible for you to enable this setting. Sometimes only specific teams in an organization require a modified UI, and this setting could be enabled for the rest of the organization.

See Also

https://workbench.cisecurity.org/files/571

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: ff85494ec489bfe0a6eb5e417e8088cc4f14efa00bab27df6fd8d70a161182db