Title

Legacy format signatures must be enabled. (Cat II impact)

Discussion

Office applications use the XML-based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If an Office user opens an Excel, PowerPoint, or Word binary document with an XMLDSIG signature attached, the signature will be lost.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Legacy format signatures" is set to "Enabled". Use the Windows Registry Editor to navigate to the following HKCU\Software\Policies\Microsoft\Office\15.0\common\signatures If the value 'EnableCreationOfWeakXPSignatures' is REG_DWORD = 1, this is not a finding. Fix Text: Set the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Signing "Legacy format signatures" to "Enabled".

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Signing "Legacy format signatures" to "Enabled".

Additional Identifiers

Rule ID: SV-228520r508020_rule

Vulnerability ID: V-228520

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.