Outlook ActiveX One-Off Forms Controlled

Management Summary

ActiveX controls in Outlook one-off forms must be controlled to prevent malicious ActiveX code from being executed via custom email forms.

Recommendation: IMPLEMENT
Risk without implementation: High
Risk Score: 7/10
Implementation: 2 hours (tech: 1 hour)
Applies to: ✓ Outlook

OUTLOOK FORMS attack vector: Outlook supports custom forms with embedded ActiveX controls.
WITHOUT CONTROL: Malicious forms can execute arbitrary ActiveX code, full system access is possible through a vulnerable ActiveX control, and code execution can be delivered by email.
ACTIVEXONEOFFFORMSOUTLOOKCONTROLS: Prompts the user before ActiveX loads in a custom form and prevents automatic execution of malicious controls.

Required PowerShell Modules
Primary API: Intune / Group Policy
Connection: Registry
Required Modules:

Implementation

Enable the control: HKCU:\Software\Policies\Microsoft\Office\16.0\OUTLOOK\Security\activexoneoffformsoutlookcontrols is 1. DISA STIG O365-OU-000007. EFFECT: Outlook asks the user for permission before ActiveX controls in one-off forms load.

Requirements

Outlook

Implementation

Use the PowerShell script activex-oneoff-forms-outlook-controls.ps1 (function Invoke-Remediation) – Enable the ActiveX controls prompt.

Monitoring

Use the PowerShell script activex-oneoff-forms-outlook-controls.ps1 (function Invoke-Monitoring) – Verify that activexoneoffformsoutlookcontrols is 1.

Compliance and Auditing

  1. DISA STIG O365-OU-000007
  2. BIO 12.02

Remediation

Use the PowerShell script activex-oneoff-forms-outlook-controls.ps1 (function Invoke-Remediation) – Restore.

Compliance & Frameworks

Automation

Use the PowerShell script below to monitor and implement this security control. The script contains functions for both monitoring (-Monitoring) and remediation (-Remediation).

```powershell
# Control: O365-OU-000007 - ActiveX OneOff forms Outlook controls
#Requires -Version 5.1
# DISA STIG Microsoft Office 365 ProPlus v3r3

param(
    [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\OUTLOOK\Security",
    [switch]$Monitoring,
    [switch]$Remediation,
    [switch]$Revert,
    [switch]$WhatIf
)

# Returns $true when the policy value exists and equals the expected value.
function Invoke-Monitoring {
    Write-Host "Monitoring O365-OU-000007: ActiveX OneOff forms Outlook controls" -ForegroundColor Green
    try {
        $valueName = "activexoneoffformsoutlookcontrols"
        $expectedValue = 1

        if (-not (Test-Path $RegistryPath)) {
            Write-Host " Registry path does not exist: $RegistryPath" -ForegroundColor Red
            return $false
        }

        $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue
        if ($currentValue -and $currentValue.$valueName -eq $expectedValue) {
            Write-Host " Compliant: ActiveX OneOff forms controls are restricted" -ForegroundColor Green
            return $true
        }
        else {
            Write-Host " Non-Compliant: ActiveX OneOff forms controls not properly restricted" -ForegroundColor Red
            return $false
        }
    }
    catch {
        Write-Host " Error during monitoring: $_" -ForegroundColor Red
        return $false
    }
}

# Creates the policy key if needed, sets the value, then re-checks compliance.
function Invoke-Remediation {
    Write-Host "Remediating O365-OU-000007: ActiveX OneOff forms Outlook controls" -ForegroundColor Yellow
    try {
        if ($WhatIf) {
            Write-Host " [WhatIf] Would set registry value" -ForegroundColor Cyan
            return $true
        }

        $valueName = "activexoneoffformsoutlookcontrols"
        $expectedValue = 1

        if (-not (Test-Path $RegistryPath)) {
            New-Item -Path $RegistryPath -Force | Out-Null
            Write-Host " Created registry path: $RegistryPath" -ForegroundColor Green
        }

        Set-ItemProperty -Path $RegistryPath -Name $valueName -Value $expectedValue -Type DWord -Force
        Write-Host " Set $valueName to $expectedValue" -ForegroundColor Green

        Start-Sleep -Seconds 1
        return Invoke-Monitoring
    }
    catch {
        Write-Host " Error during remediation: $_" -ForegroundColor Red
        return $false
    }
}

# Removes the policy value again.
function Invoke-Revert {
    Write-Host "Reverting O365-OU-000007: ActiveX OneOff forms Outlook controls" -ForegroundColor Yellow
    try {
        if ($WhatIf) {
            Write-Host " [WhatIf] Would remove registry value" -ForegroundColor Cyan
            return $true
        }

        $valueName = "activexoneoffformsoutlookcontrols"
        if (Test-Path $RegistryPath) {
            Remove-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue
            Write-Host " Removed registry value: $valueName" -ForegroundColor Green
        }
        return $true
    }
    catch {
        Write-Host " Error during revert: $_" -ForegroundColor Red
        return $false
    }
}

# Main execution: exit code 0 means success/compliant, 1 means failure/non-compliant.
try {
    if ($Monitoring) {
        $result = Invoke-Monitoring
        exit $(if ($result) { 0 } else { 1 })
    }
    elseif ($Remediation) {
        $result = Invoke-Remediation
        exit $(if ($result) { 0 } else { 1 })
    }
    elseif ($Revert) {
        $result = Invoke-Revert
        exit $(if ($result) { 0 } else { 1 })
    }
    else {
        Write-Host "Usage: [-Monitoring] [-Remediation] [-Revert] [-WhatIf]" -ForegroundColor Yellow
    }
}
catch {
    Write-Host "Script execution error: $_" -ForegroundColor Red
    exit 1
}
```
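The script above reads HKCU, which is the hive of whichever account runs it, so a run under a service or deployment account does not show the logged-on user's setting. The following added example (not part of the page's script) checks the same value in every user hive loaded under HKEY_USERS. The function name Get-OneOffFormsPolicyState is hypothetical; the key path, value name and expected data are the ones given on this page.

```powershell
# Added example: audit the policy value for every user hive currently loaded under HKEY_USERS.
# Get-OneOffFormsPolicyState is a hypothetical helper name; path and value come from the page.
function Get-OneOffFormsPolicyState {
    param(
        [string]$SubKey = 'Software\Policies\Microsoft\Office\16.0\OUTLOOK\Security',
        [string]$ValueName = 'activexoneoffformsoutlookcontrols',
        [int]$ExpectedValue = 1
    )

    # Keep only real user SIDs (S-1-5-21-...); this skips *_Classes hives and service accounts.
    $userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $userHives) {
        $sid  = $hive.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$SubKey"

        # Resolve the SID to an account name where possible; orphaned SIDs are shown as-is.
        try {
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                [System.Security.Principal.NTAccount]).Value
        }
        catch {
            $account = $sid
        }

        $current = $null
        if (Test-Path -Path $path) {
            $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
            if ($item) { $current = $item.$ValueName }
        }

        [pscustomobject]@{
            Account   = $account
            Sid       = $sid
            Value     = $current                      # $null means the value is not set
            Compliant = ($current -eq $ExpectedValue)
        }
    }
}

# Report per user and exit non-zero if any loaded profile lacks the setting.
# Run elevated to see other users; profiles that are not logged on have no loaded hive.
$report = @(Get-OneOffFormsPolicyState)
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Compliant }) { exit 1 } else { exit 0 }
```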

Risk without implementation

High: Malicious ActiveX in Outlook forms can lead to arbitrary code execution without user awareness.

Management Summary

Prompt before loading ActiveX in Outlook forms (activexoneoffformsoutlookcontrols=1). DISA STIG O365-OU-000007. Implementation: 1-2 hours.