Title

Automatic download of linked images must be disallowed. (Cat II impact)

Discussion

When users insert images into PowerPoint presentations, they can select Link to File instead of Insert. If they do so, the image is represented by a link to a file on disk instead of being embedded in the presentation file itself. By default, when PowerPoint opens a presentation it does not display any linked images saved on a different computer unless the presentation itself is saved in a trusted location (as configured in the Trust Center). If this configuration is changed, PowerPoint will load any images that were saved in remote locations, which presents a security risk.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security “Unblock automatic download of linked images” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\powerpoint\security Criteria: If the value DownloadImages is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security “Unblock automatic download of linked images” to “Disabled”.

Additional Identifiers

Rule ID: SV-33603r1_rule

Vulnerability ID: V-17809

Group Title: DTOO291 - Linked images

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.