Title

Updating of links in Excel must be prompted and not automatic. (Cat II impact)

Discussion

This policy setting controls whether Excel prompts users to update automatic links, or whether the updates occur in the background with no prompt. If you enable or do not configure this policy setting, Excel will prompt users to update automatic links. In addition, the "Ask to update automatic links" user interface option under File tab >> Advanced >> General is selected. If you disable this policy setting, Excel updates automatic links without prompting or informing users, which could compromise the integrity of some of the information in the workbook.

Check Content

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Advanced >> Ask to update automatic links is set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\microsoft\office\16.0\excel\options\binaryoptions If the value for fupdateext_78_1 is REG_DWORD = 0, this is not a finding.

Fix Text

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Advanced >> Ask to update automatic links to "Enabled".

Additional Identifiers

Rule ID: SV-223328r961092_rule

Vulnerability ID: V-223328

Group Title: SRG-APP-000210

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.