Check: DTOO291
Microsoft PowerPoint 2013 STIG:
DTOO291
(in versions v1 r6 through v1 r5)
Title
Automatic download of linked images must be disallowed. (Cat II impact)
Discussion
When users insert images into PowerPoint presentations, they can select Link to File instead of Insert. If they do so, the image is represented by a link to a file on disk instead of being embedded in the presentation file itself. By default, when PowerPoint opens a presentation it does not display any linked images saved on a different computer unless the presentation itself is saved in a trusted location (as configured in the Trust Center). If this configuration is changed, PowerPoint will load any images that were saved in remote locations, which presents a security risk.
Check Content
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2013 -> PowerPoint Options -> Security "Unblock automatic download of linked images" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\PowerPoint\security Criteria: If the value DownloadImages is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2013 -> PowerPoint Options -> Security "Unblock automatic download of linked images" to "Disabled".
Additional Identifiers
Rule ID: SV-55919r1_rule
Vulnerability ID: V-17809
Group Title: DTOO291 - Linked images
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001169 |
The information system prevents the download of organization-defined unacceptable mobile code. |
Controls
Number | Title |
---|---|
SC-18 (3) |
Prevent Downloading / Execution |