Title

The Enable Updates and Disable Updates options in the UI must be hidden from users. (Cat II impact)

Discussion

This policy setting allows the user interface (UI) options to enable or disable Office automatic updates to be hidden from users. These options are found in the Product Information area of all Office applications installed via Click-to-Run. This policy setting has no effect on Office applications installed via Windows Installer. If this policy setting is enabled, the "Enable Updates" and "Disable Updates" options in the UI are hidden from users. If this policy setting is not configured, the "Enable Updates" and "Disable Updates" options are visible, and users can enable or disable Office automatic updates from the UI.

Check Content

Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine)->Updates->"Hide option to enable or disable updates" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\software\policies\Microsoft\office\15.0\common\officeupdate Criteria: If the value HideEnableDisableUpdates is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine)->Updates->"Hide option to enable or disable updates" is set to "Enabled".

Additional Identifiers

Rule ID: SV-228524r508020_rule

Vulnerability ID: V-228524

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.