Cyber Trackr - Free Compliance Library
Cyber Trackr
The Free Compliance Library

Microsoft PowerPoint 2007 Security Technical Implementation Guide

  • Version/Release: V4R16
  • Published: 2017-10-02
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

b
Disable user name and password syntax from being used in URLs
Medium - V-17173 - SV-18179r3_rule
RMF Control
Severity
Medium
CCI
Version
DTOO104 - PowerPoint
Vuln IDs
  • V-17173
Rule IDs
  • SV-18179r3_rule
The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate website but actually opens a deceptive (spoofed) website. For example, the URL http://www.wingtiptoys.com@example.com appears to open http://www.wingtiptoys.com but actually opens http://example.com. To protect users from such attacks, Internet Explorer usually blocks any URLs using this syntax. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a webpage). If user names and passwords in URLs are allowed, users could be diverted to dangerous webpages, which could pose a security risk. System AdministratorInformation Assurance Officer
Checks: C-17852r2_chk

Validate the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Disable user name and password” is set to “Enabled” and ‘powerpnt.exe’ and ‘pptview.exe’ are checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value powerpnt.exe is REG_DWORD = 1, this is not a finding. HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value pptview.exe is REG_DWORD = 1, this is not a finding.

Fix: F-16956r3_fix

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Disable user name and password” to “Enabled” and select the "powerpnt.exe" and "pptview.exe" check boxes.

b
Enable IE Bind to Object functionality for instances of IE launched from PowerPoint.
Medium - V-17174 - SV-18186r3_rule
RMF Control
Severity
Medium
CCI
Version
DTOO111 - PowerPoint
Vuln IDs
  • V-17174
Rule IDs
  • SV-18186r3_rule
Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the security settings for the zone in which the control is located do not allow it to be initialized. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a Web page). A security risk could occur if potentially dangerous controls are allowed to load. System AdministratorInformation Assurance Officer
Checks: C-17864r4_chk

Validate the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Bind to Object” is set to “Enabled” and "powerpnt.exe" and "pptview.exe" check boxes are checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value powerpnt.exe is REG_DWORD = 1, this is not a finding. HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value pptview.exe is REG_DWORD = 1, this is not a finding.

Fix: F-16962r3_fix

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Bind to Object” to “Enabled” and select the "powerpnt.exe" and "pptview.exe" check boxes.

b
Evaluate Saved from URL mark when launched from PowerPoint
Medium - V-17175 - SV-18201r3_rule
RMF Control
Severity
Medium
CCI
Version
DTOO117 - PowerPoint
Vuln IDs
  • V-17175
Rule IDs
  • SV-18201r3_rule
Typically, when Internet Explorer loads a Web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet security zone instead of the less restrictive Local Intranet security zone. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a Web page). If Internet Explorer does not evaluate the page for a MOTW, potentially dangerous code could be allowed to run.System AdministratorInformation Assurance Officer
Checks: C-17884r4_chk

Validate the policy value for Computer Configuration -> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Saved from URL” is set to “Enabled” and "powerpnt.exe" and "pptview.exe" check boxes are checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value powerpnt.exe is REG_DWORD = 1, this is not a finding. HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value pptview.exe is REG_DWORD = 1, this is not a finding.

Fix: F-17048r3_fix

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Saved from URL” to “Enabled” and select the "PowerPnt.exe" and "PPTView.exe" check boxes.

b
Block navigation to URL embedded in Office products to protect against attack by malformed URL.
Medium - V-17183 - SV-18208r3_rule
RMF Control
Severity
Medium
CCI
Version
DTOO123 - PowerPoint
Vuln IDs
  • V-17183
Rule IDs
  • SV-18208r3_rule
To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a Web page). If Internet Explorer attempts to load a malformed URL, a security risk could occur in some cases.System AdministratorInformation Assurance Officer
Checks: C-17891r4_chk

Validate the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Navigate URL” is set to “Enabled” and "powerpnt.exe" and "pptview.exe" check boxes are checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value powerpnt.exe is REG_DWORD = 1, this is not a finding. HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value pptview.exe is REG_DWORD = 1, this is not a finding. Fix Text: Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Navigate URL” to “Enabled” and select the "powerpnt.exe" and "pptview.exe" check boxes.

Fix: F-17054r3_fix

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Navigate URL” to “Enabled” and select the "powerpnt.exe" and "pptview.exe" check boxes.

b
Block pop-ups for links that invoke instances of IE from within PowerPoint.
Medium - V-17184 - SV-18211r3_rule
RMF Control
Severity
Medium
CCI
Version
DTOO129 - PowerPoint
Vuln IDs
  • V-17184
Rule IDs
  • SV-18211r3_rule
The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a Web page). If the Pop-up Blocker is disabled, disruptive and potentially dangerous pop-up windows could load and present a security risk.System AdministratorInformation Assurance Officer
Checks: C-17894r4_chk

Validate the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Block popups” is set to “Enabled” and "powerpnt.exe" and "pptview.exe" check boxes are checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value powerpnt.exe is REG_DWORD = 1, this is not a finding. HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value pptview.exe is REG_DWORD = 1, this is not a finding.

Fix: F-17056r3_fix

Set the policy value for Computer Configuration >> Administrative Templates >> Microsoft Office 2007 system (Machine) >> Security Settings >> IE Security “Block popups” to “Enabled” and select the "powerpnt.exe" and "pptview.exe" check boxes.

b
Disable Trust Bar Notification for unsigned application add-ins -PowerPoint
Medium - V-17187 - SV-18222r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO131 - PowerPoint
Vuln IDs
  • V-17187
Rule IDs
  • SV-18222r1_rule
By default, if an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in.System AdministratorInformation Assurance Officer
Checks: C-17915r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security Criteria: If the value NoTBPromptUnsignedAddin is REG_DWORD = 1, this is not a finding.

Fix: F-17082r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center “Disable Trust Bar Notification for unsigned application add-ins” will be set to “Enabled”.

b
Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter - System
Medium - V-17322 - SV-18562r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO210 - Powerpoint
Vuln IDs
  • V-17322
Rule IDs
  • SV-18562r1_rule
The Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats enables users of Microsoft Word 2000, Word 2002, and Office Word 2003 to open files saved in the Office Open XML format used by Word 2007. Word Open XML files usually have the following extensions: • .docx • .docm • .dotx • .dotm • .xml By default, the Compatibility Pack does not open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Word 2007. If this configuration is changed, through a registry modification or by some other mechanism, users with the Compatibility Pack installed can open files saved by some pre-release versions of Word, but not by others, which can lead to inconsistent file opening functionality. System AdministratorInformation Assurance Officer
Checks: C-18828r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Office 2007 Converters “Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock Criteria: If the value PowerPoint12BetaFilesFromConverters is REG_DWORD = 1, this is not a finding.

Fix: F-17426r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Office 2007 Converters “Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter” will be set to “Enabled”.

b
Disable all Trusted Locations.
Medium - V-17471 - SV-18530r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO133 - Powerpoint
Vuln IDs
  • V-17471
Rule IDs
  • SV-18530r1_rule
Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. By default, files located in trusted locations (those specified in the Trust Center) are assumed to be safe. System AdministratorInformation Assurance Officer
Checks: C-18819r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center -> Trusted Locations “Disable all trusted locations” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding.

Fix: F-17411r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center -> Trusted Locations “Disable all trusted locations” will be set to “Enabled”.

b
Determine whether to force encrypted macros to be scanned in open XML presentations.
Medium - V-17473 - SV-18535r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO142 - Powerpoint
Vuln IDs
  • V-17473
Rule IDs
  • SV-18535r1_rule
When an Office Open XML document (Word, Excel, Powerpoint) is rights-managed or password-protected, any macros that are embedded in the document are encrypted along with the rest of the contents. By default, these encrypted macros will be disabled unless they are scanned by antivirus software immediately before being loaded. If this default configuration is modified, Office 2007 products will not require encrypted macros to be scanned before loading. They will be handled as specified by the Office 2007 System macro security settings, which can cause macro viruses to load undetected and lead to data loss or reduced application functionality. System AdministratorInformation Assurance Officer
Checks: C-18822r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security Criteria: If the value PowerPointBypassEncryptedMacroScan is REG_DWORD = 1, this not a finding.

Fix: F-17414r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations” will be set to “Enabled”.

b
Disable feature that would block older version of office products from saving files to open XML formats.
Medium - V-17503 - SV-18575r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO155 - PowerPoint
Vuln IDs
  • V-17503
Rule IDs
  • SV-18575r1_rule
The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared with the previous binary file types supported in Office 2003, including the potential to reduce the effects of malicious code. Files can be identified as unable to run code, and will therefore ignore any embedded code. Also, any files that do have embedded code are easier to identify. For users who run older versions of these applications, Microsoft offers the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, which enables them to open and save Open XML files. The Compatibility Pack can be used with the following Microsoft Office programs: • Word 2000 with Service Pack 3, Excel 2000 with Service Pack 3, and PowerPoint 2000 with Service Pack 3 • Word 2002 with Service Pack 3, Excel 2002 with Service Pack 3, and PowerPoint 2002 with Service Pack 3 • Word 2003 with at least Service Pack 1, Excel 2003 with at least Service Pack 1, and PowerPoint 2003 with at least Service Pack 1 • Microsoft Office Word Viewer 2003 • Microsoft Office Excel Viewer 2003 • Microsoft Office PowerPoint Viewer 2003 If users cannot save files in Office Open XML format for some reason, they will be unable to take advantage of the security benefits of the new file types. System AdministratorInformation Assurance Officer
Checks: C-18831r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Save “Block saving of Open Xml file types” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock Criteria: If the value OpenXmlFiles is REG_DWORD = 0, this is not a finding.

Fix: F-17429r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Save “Block saving of Open Xml file types” will be set to “Disabled”.

b
Block opening of "open XML" format files created by pre-release versions of PowerPoint
Medium - V-17518 - SV-18590r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO153 - PowerPoint
Vuln IDs
  • V-17518
Rule IDs
  • SV-18590r1_rule
By default, users can open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Office 2007. Open XML files usually have the following extensions: • .xlsb • .xlsx • .xlsm • .xltx • .xltm • .xlam If a vulnerability is discovered that affects these kinds of files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available. By default, these file types are not blocked in Office 2007 products. System AdministratorInformation Assurance Officer
Checks: C-18834r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of pre-release versions of file formats new to PowerPoint 2007” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock Criteria: If the value PowerPoint12BetaFiles is REG_DWORD = 1, this is not a finding.

Fix: F-17434r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of pre-release versions of file formats new to PowerPoint 2007” will be set to “Enabled”.

b
Block Opening of "Open XML" file types to prevent them automatically executing code.
Medium - V-17519 - SV-18594r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO154 - PowerPoint
Vuln IDs
  • V-17519
Rule IDs
  • SV-18594r1_rule
The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared to the previous binary file types supported in Office 2003, including the potential to reduce the effects of malicious code. Files can be identified as unable to run code, and will therefore ignore any embedded code. Also, any files that do have embedded code are easier to identify. If a vulnerability is discovered that affects Office Open XML files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available. System AdministratorInformation Assurance Officer
Checks: C-18837r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Open Xml files types” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock Criteria: If the value OpenXmlFiles is REG_DWORD = 0, this is not a finding.

Fix: F-17437r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Open Xml files types” will be set to “Disabled”.

b
Disable settings for content and add-ins that "Allow trusted locations not on computer" that might bypass more stringent security checks.
Medium - V-17520 - SV-18599r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO134 - PowerPoint
Vuln IDs
  • V-17520
Rule IDs
  • SV-18599r1_rule
By default, files located in trusted locations and specified in the Trust Center are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with minimal security and without prompting the user for permission. By default, users can specify trusted locations on network shares or in other remote locations that are not under their direct control by selecting the Allow Trusted Locations on my network (not recommended) check box in the Trusted Locations section of the Trust Center. If a dangerous file is opened from a trusted location, it will not be subject to typical security measures and could affect users' computers or data. System AdministratorInformation Assurance Officer
Checks: C-18841r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations not on the computer” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations Criteria: If the value AllowNetworkLocations is REG_DWORD = 0, this is not a finding.

Fix: F-17441r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center -> Trusted Locations “Allow Trusted Locations not on the computer” will be set to “Disabled”.

b
Save files default format as backward compatible, not as XML.
Medium - V-17521 - SV-18607r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO139 - PowerPoint
Vuln IDs
  • V-17521
Rule IDs
  • SV-18607r1_rule
By default, Office 2007 producst save new workbooks in the Office Open XML format. For users who run prior versions of Office products, Microsoft offers the Microsoft Office Compatibility Pack, which enables these versions to open and save open XML format. If some users in your organization cannot install the Compatibility Pack, or are running other versions of Office products these users might not be able to access Excel files saved in the Open XML format.System AdministratorInformation Assurance Officer
Checks: C-18848r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Save “save files in this format” will be set to “Enabled (PowerPoint 97-2003 Presentation (*.ppt) or Enabled (PowerPoint Presentation (*.pptx)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Options Criteria: If the value DefaultFormat is REG_DWORD = 0 for Powerpoint 97 - 2003 or DefaultFormat is REG_DWORD = 1b (hex) 27 (dec) for Powerpoint 2007 , this is not a finding.

Fix: F-17448r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Save “save files in this format” will be set to “Enabled (PowerPoint 97-2003 Presentation (*.ppt) or Enabled (PowerPoint Presentation (*.pptx)”.

b
Disable Trust access for VBA into Excel, Word, and PowerPoint.
Medium - V-17522 - SV-18611r4_rule
RMF Control
Severity
Medium
CCI
Version
DTOO146 - PowerPoint
Vuln IDs
  • V-17522
Rule IDs
  • SV-18611r4_rule
VSTO projects require access to the Visual Basic for Applications project system in Excel 2007, PowerPoint 2007, and Word 2007, even though the projects do not use Visual Basic for Applications. Design-time support of controls in both Visual Basic and C# projects depends on the Visual Basic for Applications project system in Word and Excel. By default, Excel, Word, and PowerPoint do not allow automation clients to have programmatic access to VBA projects. Users can enable this by selecting the Trust access to the VBA project object model in the Macro Settings section of the Trust Center. However, doing so allows macros in any documents the user opens to access the core Visual Basic objects, methods, and properties, which represents a potential security hazard. System AdministratorInformation Assurance Officer
Checks: C-18851r4_chk

Validate the policy value for User Configuration >> Administrative Templates >> Microsoft Office PowerPoint 2007 >> PowerPoint Options >> Security >> Trust Center “Trust access to Visual Basic Project” is set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\ If the value for AccessVBOM is REG_DWORD=0, this is not a finding.

Fix: F-17451r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center “Trust access to Visual Basic Project” will be set to “Disabled”.

b
Enable Warning Bar settings for VBA macros contained in PowerPoint Files.
Medium - V-17545 - SV-18639r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO304 - PowerPoint
Vuln IDs
  • V-17545
Rule IDs
  • SV-18639r1_rule
By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users can inspect and edit the files if appropriate, but cannot use any disabled functionality until they enable it by clicking Options on the Trust Bar and selecting the appropriate action. If users enable dangerous macros, it could affect their computers or cause sensitive information to be compromised. System AdministratorInformation Assurance Officer
Checks: C-18856r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center “VBA Macro Warning Settings” will be set to “Enabled (Trust Bar warning for all macros)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.

Fix: F-17467r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security -> Trust Center “VBA Macro Warning Settings” will be set to “Enabled (Trust Bar warning for all macros)”.

b
Block PowerPoint from automatically opening converters to view older PowerPoint presentations.
Medium - V-17563 - SV-18665r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO299 - PowerPoint
Vuln IDs
  • V-17563
Rule IDs
  • SV-18665r1_rule
PowerPoint 2007 requires the use of a conversion tool to open presentations saved in versions of PowerPoint older than PowerPoint 97, such as PowerPoint 95, PowerPoint 4.0, and others. If a vulnerability is discovered that affects these kinds of files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available. System AdministratorInformation Assurance Officer
Checks: C-18864r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Converters” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock Criteria: If the value Converters is REG_DWORD = 1, this is not a finding.

Fix: F-17480r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Converters” will be set to “Enabled”.

b
Make hidden markup invisible - PowerPoint
Medium - V-17752 - SV-18943r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO290 - PowerPoint
Vuln IDs
  • V-17752
Rule IDs
  • SV-18943r1_rule
PowerPoint presentations that are saved in standard or HTML format can contain a flag indicating whether markup (comments or ink annotations) in the presentation should be visible when the presentation is open. By default, PowerPoint 2007 ignores this flag when opening a file, and always displays any markup present in the file. In addition, when saving a file, PowerPoint sets the flag to display markup when the presentation is next opened. If this default configuration is changed, PowerPoint sets the flag according to the state of the Show Markup option on the Review tab of the Ribbon when it saves presentations in standard or HTML format. In addition, PowerPoint enables or disables the Show Markup option according to the way the flag is set when it opens files, which means that a presentation saved with hidden markup is opened with the markup still hidden. If a file is saved with hidden markup, users might inadvertently distribute sensitive comments or information to others via the presentation file. System AdministratorInformation Assurance Officer
Checks: C-19014r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Make hidden markup visible” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Options Criteria: If the value MarkupOpenSave is REG_DWORD = 1, this is not a finding.

Fix: F-17651r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Make hidden markup visible” will be set to “Enabled”.

b
Disable the ability to run programs from a PowerPoint presentation.
Medium - V-17788 - SV-19007r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO289 - PowerPoint
Vuln IDs
  • V-17788
Rule IDs
  • SV-19007r1_rule
Action buttons can be used to launch external programs from PowerPoint 2007 presentations. If a malicious person adds an action button to a presentation that launches a dangerous program, it could significantly affect the security of a user's computer and data.System AdministratorInformation Assurance Officer
Checks: C-19042r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Run Programs” will be set to “Enabled (disable (don't run any programs))”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security Criteria: If the value RunPrograms is REG_DWORD = 0, this is not a finding

Fix: F-17688r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Run Programs” will be set to “Enabled (disable (don't run any programs))”.

b
Disable the feature to "unblock automatic download of linked images" in PowerPoint.
Medium - V-17809 - SV-19044r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO291 - PowerPoint
Vuln IDs
  • V-17809
Rule IDs
  • SV-19044r1_rule
When users insert images into PowerPoint 2007 presentations, they can select Link to File instead of Insert. If they do so, the image is represented by a link to a file on disk instead of being embedded in the presentation file itself. By default, when PowerPoint opens a presentation it does not display any linked images saved on a different computer unless the presentation itself is saved in a trusted location (as configured in the Trust Center). If this configuration is changed, PowerPoint will load any images that were saved in remote locations, which presents a security risk. System AdministratorInformation Assurance Officer
Checks: C-19070r1_chk

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Unblock automatic download of linked images” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security Criteria: If the value DownloadImages is REG_DWORD = 0, this is not a finding

Fix: F-17710r1_fix

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> PowerPoint Options -> Security “Unblock automatic download of linked images” will be set to “Disabled”.

c
An unsupported Microsoft Office version must not be installed.
High - V-25884 - SV-32370r3_rule
RMF Control
Severity
High
CCI
Version
DTOO287
Vuln IDs
  • V-25884
Rule IDs
  • SV-32370r3_rule
Failure to install the most current Office version leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If Microsoft Office installation is not at the most current version and service pack level, this is a Category 1 finding since new vulnerabilities will not be patched. Office 2007 is End of Life. System Administrator
Checks: C-32765r4_chk

To determine what service pack level is installed, start the Office application. Click on the Office Menu Button (upper left), click "Options" at the bottom of the menu, and select "Resources" from the left column. The version number will be displayed alongside the "About" button on the right-hand side display. If the "About" box information displays an Office 2007 version, this is a finding.

Fix: F-28840r3_fix

Upgrade to Office 2010, Office 2013, or Office 2016.