An error occurred:

Check: DTOO151 -Excel

Microsoft Excel 2007: DTOO151 -Excel (in versions v4 r13 through v4 r12)

Title

Do not save additional data needed to maintain formulas - Excel. (Cat II impact)

Discussion

Microsoft Office Web Components (OWC) is a collection of Component Object Model (COM) controls used by earlier versions of Microsoft Office for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. OWC was removed from the 2007 Office release in favor of improvements to the Web features of Office desktop applications and of Microsoft Windows SharePoint Services. Organizations that currently support publishing data to the Web via OWC and are not ready to migrate to newer publishing methods can download OWC from Microsoft and continue to use it with 2007 Microsoft Office applications. By default, when users save workbooks as Web pages that use OWC, Excel maintains externally referenced data of formulas that are not in the selected range to be published, which increases the size of the files and in some cases increases the risk of exposing sensitive information. The user can change this functionality by clearing the Save any additional hidden data necessary to maintain formulas check box on the General tab in the Web Options dialog box (available from the Advanced section of the Excel Options dialog box). If the check box is cleared, Excel 2007 replaces the formulas with calculated values, which reduces the size of the file.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Excel 2007 -> Excel Options -> Advanced -> Web Options -> General “Save any additional data necessary to maintain formulas” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Excel\Internet Criteria: If the value DoNotSaveHiddenData is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office Excel 2007 -> Excel Options -> Advanced -> Web Options -> General “Save any additional data necessary to maintain formulas” will be set to “Disabled”.

Additional Identifiers

Rule ID: SV-19021r1_rule

Vulnerability ID: V-17796

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check