Title

The Save commands default file format must be configured. (Cat II impact)

Discussion

When users create new Excel files, Excel 2013 saves them in the new *.xlsx format. Ensure this setting is enabled to specify all new files are created in Excel 2013. If a new file is created in an earlier format, some users may not be able to open or use the file, or they may choose a format that is less secure than the Excel 2013 format. Users can still select a specific format when they save files, but they cannot change the default of this setting from the "Excel Options" dialog box. This enforced user behavior ensures any change to the file format requires additional deliberate user interaction.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "default file format" is set to "Enabled (Excel Workbook *.xlsx)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options Criteria: If the value DefaultFormat is REG_DWORD = 0x00000033(hex) or 51 (Decimal), this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "default file format" to "Enabled (Excel Workbook *.xlsx)".

Additional Identifiers

Rule ID: SV-53726r1_rule

Vulnerability ID: V-17521

Group Title: DTOO139 - Save files default format

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.