ISM-1488 – Technical Resolution Guidance
What is ISM-1488?
Microsoft Office macros in files originating from the internet are blocked.
Background
Blocking macros in files from the internet prevents potentially harmful macros from running automatically in documents from untrusted sources. Instead, users are prompted to enable or disable these macros, reducing the risk of malware.
Applicability
This control is relevant to the following:
- Maturity Level 1, 2, and 3 Controls
Evaluation Results
Status | Description |
---|---|
Effective | Microsoft Office Product is installed and policy is present and set correctly. |
Ineffective | Microsoft Office Product is installed and the policy is not enabled. |
Not Applicable | Microsoft Office is not installed or not applicable to this device. |
Testing Parameters
The following is a list of Microsoft Office products:
- Microsoft Access 2016 or greater
- Microsoft Excel 2016 or greater
- Microsoft PowerPoint 2016 or greater
- Microsoft Visio 2016 or greater
- Microsoft Word 2016 or greater
Technology | Registry Key | Value |
---|---|---|
Group Policy or Intune | HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\[OfficeVersion]\[Product]\security | blockcontentexecutionfrominternet = 1 |
Group Policy Preferences or Scripts | HKEY_CURRENT_USER\SOFTWARE\microsoft\office\[OfficeVersion]\[Product]\security | blockcontentexecutionfrominternet = 1 |
Remediation Steps
Using Group Policy, set the following policies to Enabled:
For Access 2016:
User Configuration\Policies\Administrative Templates\Microsoft Access 2016\Application Settings\Security\Trust Center\Block macros from running in Office files from the Internet
All other Office products:
User Configuration\Policies\Administrative Templates\[Application Name]\ Options\Security\Trust Center\Block macros from running in Office files from the Internet
Validation Process
Validate that the policy is being applied correctly on the end device.
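One way to run this validation on an end device, as an added example rather than the guidance's own tooling: the script reads both registry locations from the Testing Parameters table for each listed product and reports Effective, Ineffective or Not Applicable. It assumes [OfficeVersion] is 16.0 (Office 2016 and later) and uses the App Paths registry entries as an install heuristic; the function names are hypothetical.

```powershell
# Added example: evaluate ISM-1488 for the currently logged-on user.
# Assumption: [OfficeVersion] is 16.0, which Office 2016 and later use.
$OfficeVersion = '16.0'
$ValueName     = 'blockcontentexecutionfrominternet'

# Registry product key -> executable name. The executable is used only as an
# install heuristic via App Paths (an assumption, not part of the guidance).
$Products = [ordered]@{
    access     = 'MSACCESS.EXE'
    excel      = 'EXCEL.EXE'
    powerpoint = 'POWERPNT.EXE'
    visio      = 'VISIO.EXE'
    word       = 'WINWORD.EXE'
}

# Both locations from the Testing Parameters table; the policy hive is checked first.
$Roots = @(
    "HKCU:\SOFTWARE\Policies\Microsoft\office\$OfficeVersion",
    "HKCU:\SOFTWARE\microsoft\office\$OfficeVersion"
)

function Test-ProductInstalled([string]$Exe) {
    Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\$Exe"
}

function Get-MacroBlockSetting([string]$Product) {
    foreach ($root in $Roots) {
        $key  = "$root\$Product\security"
        $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            # Return the first location that actually carries the value.
            return [pscustomobject]@{ Path = $key; Value = $item.$ValueName }
        }
    }
    return $null   # value absent in both locations
}

$results = foreach ($p in $Products.GetEnumerator()) {
    $hit = $null
    if (-not (Test-ProductInstalled $p.Value)) {
        $status = 'Not Applicable'
    } else {
        $hit    = Get-MacroBlockSetting $p.Key
        $status = if ($hit -and $hit.Value -eq 1) { 'Effective' } else { 'Ineffective' }
    }
    [pscustomobject]@{ Product = $p.Key; Status = $status; Value = $hit.Value; Source = $hit.Path }
}
$results | Format-Table -AutoSize
```

Run it in the user's own session, not as SYSTEM or an elevated admin account, because the keys live under HKEY_CURRENT_USER and are evaluated per user.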
Risk Consideration
Blocking macros in files downloaded from the internet significantly reduces the risk of executing malicious code, helping to prevent malware distribution, macro-based attacks, and phishing attempts. This control aligns with security best practices, strengthens defense against zero-day exploits, reduces reliance on user discretion, and enhances overall security for an organization's Microsoft Office environment.