Title

Customer-submitted templates downloads from Office.com must be disallowed. (Cat II impact)

Discussion

This policy setting controls whether Office 2010 users can download templates from the community area of Office.com by clicking New on the Microsoft Office menu. If you enable this policy setting, Office 2010 users cannot download customer-submitted templates from Office.com. However, access to templates posted by Microsoft and its partners are not affected.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Tools | Options | General | Web Options... "Disable customer-submitted templates downloads from Office.com" must be set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\internet Criteria: If the value DisableCustomerSubmittedDownload is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Tools | Options | General | Web Options... "Disable customer-submitted templates downloads from Office.com" to "Enabled".

Additional Identifiers

Rule ID: SV-241965r961092_rule

Vulnerability ID: V-241965

Group Title: SRG-APP-000210

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.