Title

Open/Save actions for Excel 2 worksheets must be blocked. (Cat II impact)

Discussion

This setting specifies whether users can open, view, edit, or save files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks that occur between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 2 worksheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL2Worksheets is REG_DWORD = 2, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 2 worksheets" to "Enabled: Open/Save blocked, use open policy".

Additional Identifiers

Rule ID: SV-53624r1_rule

Vulnerability ID: V-26598

Group Title: DTOO114 - Excel 2 worksheets

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.