Title

The configuration for enabling of hyperlinks must be enforced. (Cat II impact)

Discussion

This policy setting controls whether hyperlinks in Access tables, queries, forms, and reports are underlined. If you enable this policy setting, Access underlines all hyperlinks in tables, queries, forms, and reports when they are created, overriding any configuration changes on the users' computers. If you disable this policy setting, Access does not underline hyperlinks in tables, queries, forms and reports. If you do not configure this policy setting, Access underlines hyperlinks that appear in tables, queries, forms, and reports. Enabling this policy setting enforces the default configuration in Access, and is therefore unlikely to cause a significant usability issue for most users. If this configuration is changed, users might click on dangerous hyperlinks without realizing it, which could pose a security risk.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2016-> Application Settings -> Web Options... -> General "Underline Hyperlinks" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\access\internet Criteria: If the value DoNotUnderlineHyperlinks is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Access 2016 -> Application Settings -> Web Options... -> General "Underline Hyperlinks" to "Enabled".

Additional Identifiers

Rule ID: SV-85563r1_rule

Vulnerability ID: V-70939

Group Title: SRG-APP-000488

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.