Title

Corrupt workbook options must be disallowed. (Cat II impact)

Discussion

This policy setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair operation when users choose to open a corrupt workbook in repair or extract mode. If you enable this policy setting, Excel opens the file using the Safe Load process and does not prompt users to choose between repairing or extracting data. If you disable or do not configure this policy setting, Excel prompts the user to select either to repair or to extract data, and to select either to convert to values or to recover formulas.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\16.0\excel\options Criteria: If the value extractdatadisableui is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" to "Enabled".

Additional Identifiers

Rule ID: SV-238193r879628_rule

Vulnerability ID: V-238193

Group Title: SRG-APP-000207

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.