Title

The Help Improve Proofing Tools feature for Office must be configured. (Cat II impact)

Discussion

The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. Although this feature does not intentionally collect personal information, some of the content sent could include items that were marked as spelling or grammar errors, such as proper names and account numbers. However, any numbers such as account numbers, street addresses, and phone numbers are converted to zeroes when the data is collected. Microsoft uses this information solely to improve the effectiveness of the Office Proofing Tools, not to identify users. By default, this feature is enabled, if users choose to participate in the Customer Experience Improvement Program (CEIP). If your organization has policies that govern the use of external resources such as the CEIP, allowing the use of the Help Improve Proofing Tools feature might cause them to violate these policies.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Tools \ Options \ Spelling -> Proofing Data Collection "Improve Proofing Tools" must be set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\ptwatson Criteria: If the value PTWOptIn is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Tools \ Options \ Spelling -> Proofing Data Collection "Improve Proofing Tools" to "Disabled".

Additional Identifiers

Rule ID: SV-241935r961863_rule

Vulnerability ID: V-241935

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.