Database functionality configurations must be displayed to the user.

From Microsoft Access 2013 STIG

Part of DTOO135 - Modal Trust Decision Only

SV-52771r1_rule Database functionality configurations must be displayed to the user.

Vulnerability discussion

When users open an untrusted Access 2013 database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message Bar with a warning that database content has been disabled. Users can inspect the contents of the database, but cannot use any disabled functionality until they enable it by clicking Options on the Message Bar and selecting the appropriate action.The default configuration can be changed so that users see a dialog box when they open an untrusted database with executable components. Users must then choose whether to enable or disable the components before working with the database. In these circumstances users frequently enable the components, even if they do not require them. Executable components can be used to launch an attack against a computer environment.Disabling this setting enforces Access 2013 to display the action items, so is unlikely to cause usability issues.

Check content

Fix text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2013 -> Tools \ Security "Modal Trust Decision Only" to "Disabled".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer