Check: DTOO210
Microsoft Excel 2013 STIG:
DTOO210
(in versions v1 r8 through v1 r6)
Title
The opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter must be blocked. (Cat II impact)
Discussion
By default, users are prompted to update automatic links.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\excel\security\fileblock Criteria: If the value excel12betafilesfromconverters is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter" to "Enabled".
Additional Identifiers
Rule ID: SV-242367r961473_rule
Vulnerability ID: V-242367
Group Title: SRG-APP-000384
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001764 |
Prevent program execution in accordance with organization-defined policies, rules of behavior, and/or access agreements regarding software program usage and restrictions; rules authorizing the terms and conditions of software program usage. |
Controls
| Number | Title |
|---|---|
| CM-7(2) |
Prevent Program Execution |