Title

Block opening of "open XML" format files created by pre-release versions of PowerPoint (Cat II impact)

Discussion

By default, users can open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Office 2007. Open XML files usually have the following extensions: • .xlsb • .xlsx • .xlsm • .xltx • .xltm • .xlam If a vulnerability is discovered that affects these kinds of files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available. By default, these file types are not blocked in Office 2007 products.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of pre-release versions of file formats new to PowerPoint 2007” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock Criteria: If the value PowerPoint12BetaFiles is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of pre-release versions of file formats new to PowerPoint 2007” will be set to “Enabled”.

Additional Identifiers

Rule ID: SV-18590r1_rule

Vulnerability ID: V-17518

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.