Disabling of Fully Trusted Solutions access to computers must be configured.

From Microsoft InfoPath 2010 STIG

Part of DTOO159 - Fully trusted solutions access

Associated with: CCI-001749

SV-33661r1_rule Disabling of Fully Trusted Solutions access to computers must be configured.

Vulnerability discussion

InfoPath users can choose whether to allow trusted forms to run on their computers. The Full Trust security level allows a form to access local system resources, such as COM components or files on users' computers, and suppresses certain security prompts. It can only be used with forms that are installed on users' computers or with forms using a form template that is digitally signed with a trusted root certificate.As with any security model that allows trusted entities to operate with fewer security controls, if a form with malicious content is marked as fully trusted it could be used to compromise information security or affect users' computers.

Check content

The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> “Disable fully trusted solutions full access to computer” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\infopath\security Criteria: If the value RunFullTrustSolutions is REG_DWORD = 0, this is not a finding.

Fix text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> “Disable fully trusted solutions full access to computer” to “Enabled”.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.