Check: DTOO210
Microsoft Excel 2013 STIG:
DTOO210
(in versions v1 r7 through v1 r6)
Title
The opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter must be blocked. (Cat II impact)
Discussion
By default, users are prompted to update automatic links.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\excel\security\fileblock Criteria: If the value excel12betafilesfromconverters is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter" to "Enabled".
Additional Identifiers
Rule ID: SV-53824r1_rule
Vulnerability ID: V-17322
Group Title: DTOO210 - Block opening of pre-release versions
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001764 |
The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage. |
Controls
| Number | Title |
|---|---|
| CM-7 (2) |
Prevent Program Execution |