Check: DTOO322 - Publisher
Microsoft Publisher 2010 STIG:
DTOO322 - Publisher
(in versions v1 r11 through v1 r9)
Title
Fatally corrupt files must be blocked from opening. (Cat II impact)
Discussion
Enabling this setting allows user to open fatally corrupt Publisher 2010 files. As a result, malicious code or users could become active on user computers or the network. For example, a malicious user may purposely corrupt a Publisher file. The corrupted file could force the application to fail or execute malicious code, giving the malicious user control of Publisher 2010.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security “Prompt to allow fatally corrupt files to open instead of blocking them” must be set to “Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\publisher Criteria: If the value PromptForBadFiles is REG_DWORD = 0, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security “Prompt to allow fatally corrupt files to open instead of blocking them” to “Disabled".
Additional Identifiers
Rule ID: SV-34092r1_rule
Vulnerability ID: V-26707
Group Title: DTOO322 - Prompt files to open instead of blocking
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
Controls
| Number | Title |
|---|---|
| SC-18 (1) |
Identify Unacceptable Code / Take Corrective Actions |