Title

The opening of pre-release versions of file formats new to PowerPoint 2013 through the Compatibility Pack for Office 2013 and PowerPoint 2013 Converter must be blocked. (Cat II impact)

Discussion

Versions of file formats from pre-release versions of Office applications may introduce bugs found in those pre-release versions of the applications which have been subsequently fixed in the final release version.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to PowerPoint 2013 through the Compatibility Pack for Office 2013 and PowerPoint 2013 Converter" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\PowerPoint\security\fileblock Criteria: If the value powerpoint12betafilesfromconverters is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to PowerPoint 2013 through the Compatibility Pack for Office 2013 and PowerPoint 2013 Converter" to "Enabled".

Additional Identifiers

Rule ID: SV-242764r961473_rule

Vulnerability ID: V-242764

Group Title: SRG-APP-000384

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.