Allow VBA to load typelib references by path from untrusted intranet locations

Information

This policy setting permits VBA to load typelib references by explicit path read from the project data if that path points to an intranet location that is not explicitly in the system trusted sites list.

By default VBA will attempt to load typelibs referenced in a project by searching for the library GUID in the registry. If it is not found in the registry VBA will attempt to load the typelib or project reference using the path stored in the project for the reference as long as the reference does not point to an internet or intranet location that is not in the trusted sites list.

If you enable this policy setting VBA will treat intranet paths like local machine paths and therefore VBA will attempt to search for unregistered references in intranet locations that are not local machine or in the system's trusted sites list.

If you disable or dont configure this policy setting VBA maintains its default behavior and will refuse to load typelibs on intranet paths if it does not find the typelib registered in HKEY_CLASSES_ROOT.

Solution

Policy Path: Microsoft Office 2016\Security Settings
Policy Setting Name: Allow VBA to load typelib references by path from untrusted intranet locations

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2112/ba-p/3038172

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 633edc85949d1410959884c5a92d6d5724991a865dc085886603ef76d7b7967a