SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CCE

CCE-345-9

Platform: office2k7

The "Do not display 'Publish to GAL' button" setting should be configured correctly.

Parameter:

(1) enabled/disabled

Technical Mechanism:

(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\PublishToGalDisabled 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Disable 'Publish to GAL' button (4) HKCU\Software\Policies\Microsoft\office\11.0\outlook\Security - PublishToGalDisabled

CCSS Severity:		CCSS Metrics:
CCSS Score :		Attack Vector:
Exploit Score:		Attack Complexity:
Impact Score:		Privileges Required:
Severity:		User Interaction:
Vector:		Scope:
		Confidentiality:
		Integrity:
		Availability:

References:

Resource Id	Reference
Old v4 CCE ID	CCE-345
Microsoft Office 2007 Threats and Countermeasures guide Beta release	Table 1.135. Do not display 'Publish to GAL' button
Microsoft Office 2007 Recommendations (Security Settings for Office 2007 Applications.xlsx)	User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not display 'Publish to GAL' button
NIST SCAP Microsoft Office 2007 OVAL (SCAP-Office2007-OVAL-Beta-v1.xml)	oval:org.mitre.oval:def:741
NIST SCAP Microsoft Office 2007 XCCDF (SCAP-Office2007-XCCDF-Beta-v1.xml )	DoNotDisplayPublishToGALButton
SCAP Repo OVAL Definition	oval:org.secpod.oval:def:11629
BITS Shared Assessments SIG v6.0	BITS Shared Assessments SIG v6.0
Jericho Forum	Jericho Forum
HIPAA/HITECH Act	HIPAA/HITECH Act
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--	FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005	ISO/IEC 27001-2005
COBIT 4.1	COBIT 4.1
GAPP (Aug 2009)	GAPP (Aug 2009)
NERC CIP	NERC CIP
NIST SP800-53 R3	NIST SP800-53 R3 CM-6
PCIDSS v2.0	PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--	FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0	BITS Shared Assessments AUP v5.0


30480



423868



251782



909



196543



282