Title

Legacy format signatures must be enabled. (Cat II impact)

Discussion

Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If an Office user opens an Excel, PowerPoint, or Word binary document with an XMLDSIG signature attached, the signature will be lost.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Signing "Legacy format signatures" must be set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\common\signatures Criteria: If the value XPCompatibleSignatureFormat is REG_DWORD = 1, this is not a finding.

Fix Text

Set he policy value for User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Signing "Legacy format signatures" to "Enabled".

Additional Identifiers

Rule ID: SV-241956r961863_rule

Vulnerability ID: V-241956

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.