Title

Save files default format must be configured. (Cat II impact)

Discussion

When users create new PowerPoint files, PowerPoint 2010 saves them in the new *.pptx format. Ensure this setting is enabled to specify that all new files are created in PowerPoint 2010. If a new file is created in an earlier format, some users may not be able to open or use the file, or they may choose a format this is less secure than the PowerPoint 2010 format. Users can still select a specific format when they save files, but they cannot change default of this setting from the PowerPoint Options dialog box. This enforced user behavior ensures any change to the file format requires additional deliberate user interaction.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Save "default file format" must be set to "Enabled PowerPoint Presentation (*.pptx)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\powerpoint\options Criteria: If the value DefaultFormat is REG_DWORD = 1b (hex) 27 (dec) , this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Save "default file format" to "Enabled PowerPoint Presentation (*.pptx)".

Additional Identifiers

Rule ID: SV-242153r960963_rule

Vulnerability ID: V-242153

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.