1.1.1.1 (L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation'

Information

This policy setting controls whether the Adobe Flash control can be activated by Office documents. Note that activation blocking applies only within Office processes.

'Block all activation' prevents the Flash control from being loaded, whether directly referenced by the document or indirectly by another embedded object.

The recommended state for this setting is: Enabled: Block all activation

Adobe Flash was discontinued in 2020. Flash content has had a long history of exploitation by malicious software developers. Blocking will ensure Office does not execute any Flash content. Enforcing the default ensures that the system was not configured in an insecure way.

Solution

To establish the recommended state via configuration profiles, set the following Settings Catalog path to Enabled: Block all activation

Administrative Templates\MS Security Guide\Block Flash activation in Office documents

Impact:

None - this enforces the default behavior of Microsoft Office.

See Also

https://workbench.cisecurity.org/benchmarks/15808

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5), 800-53|CM-10

Plugin: Windows

Control ID: 79f5f1eafd8fedf67e145880734ef45f0c2ca89c7d16c4e22f9e8c1a8b185e80