Check: DTOO194
Microsoft Office System 2013 STIG: DTOO194 (in version v1 r9)
Title
Hyperlink warnings for Office must be configured for use. (Cat II impact)
Discussion
Unsafe hyperlinks are links that might pose a security risk if users click them. Clicking an unsafe link could compromise the security of sensitive information or harm the computer. Links that Office considers unsafe include links to executable files, TIFF files, and Microsoft Document Imaging (MDI) files. Other unsafe links are those using protocols considered to be unsafe, including msn, nntp, mms, outlook, and stssync.
Check Content
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Security Settings "Suppress hyperlink warnings" is set to "Disabled".

Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\common\security

Criteria: If the value "DisableHyperLinkWarning" is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Security Settings "Suppress hyperlink warnings" to "Disabled".
Additional Identifiers
Rule ID: SV-52731r4_rule
Vulnerability ID: V-17659
Group Title: DTOO194 - Hyperlink warnings for Office
CCIs
Number | Definition |
---|---|
CCI-002460 | Enforce organization-defined actions prior to executing mobile code. |
Controls
Number | Title |
---|---|
SC-18(4) | Prevent Automatic Execution |