Check: DTOO182 - Office
Microsoft Office System 2007:
DTOO182 - Office
(in versions v4 r15 through v4 r14)
Title
Configure the Help Improve Proofing Tools feature for Office. (Cat II impact)
Discussion
The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. Although this feature does not intentionally collect personal information, some of the content that is sent could include items that were marked as spelling or grammar errors, such as proper names and account numbers. However, any numbers such as account numbers, street addresses, and phone numbers are converted to zeroes when the data is collected. Microsoft uses this information solely to improve the effectiveness of the Office Proofing Tools, not to identify users. By default, this feature is enabled if users choose to participate in the Customer Experience Improvement Program (CEIP). If your organization has policies that govern the use of external resources such as the CEIP, allowing the use of the Help Improve Proofing Tools feature might cause them to violate these policies.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Tools \ Options \ Spelling -> Proofing Data Collection “Improve Proofing Tools” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Common\PTWatson Criteria: If the value PTWOptIn is REG_DWORD = 0, this is not a finding.
Fix Text
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Tools \ Options \ Spelling -> Proofing Data Collection “Improve Proofing Tools” will be set to “Disabled”. "Note: Group Policy Administrative Templates are available from the www.microsoft.com download site. The MS Office 2007 System (Office12.adm) is included in the AdminTemplates.exe file. This template provides the mechanisms to incorporate Microsoft Office 2007 System policies via the Microsoft Group Policy Editor (gpedit.msc)." "Note: If the Microsoft Group Policy Editor (gpedit.msc) is not used to incorporate the remediation to this vulnerability the Microsoft Registry Editor (regedit.exe) may be used to create the registry key and value required."
Additional Identifiers
Rule ID: SV-18770r1_rule
Vulnerability ID: V-17627
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |