Title

Corrupt workbook options must be disallowed. (Cat II impact)

Discussion

This setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair operation when users choose to open a corrupt workbook in repair or extract mode. A corrupt Excel file may be indicative of malicious tampering. By allowing the automatic handling of corrupt spreadsheets, malicious code may be introduced to the user's computer and the network.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\microsoft\office\15.0\excel\options Criteria: If the value extractdatadisableui is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" to "Enabled".

Additional Identifiers

Rule ID: SV-53843r1_rule

Vulnerability ID: V-41346

Group Title: DTOO419 - Disallow corrupt workbook options

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.