Microsoft Access 2003

  • Version/Release: V4R4
  • Published: 2014-10-03
  • Released: 2014-10-24
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

c
An unsupported version of Office is installed.
High - V-6324 - SV-6394r2_rule
RMF Control
Severity
High
CCI
Version
DTOG001
Vuln IDs
  • V-6324
Rule IDs
  • SV-6394r2_rule
Unsupported vendor software is not being updated or evaluated for security vulnerabilities.System AdministratorECSC-1
Checks: C-55617r1_chk

If running any Office 2003 version software, this is a finding.

Fix: F-5847r3_fix

Upgrade to Office 2007 or higher.

b
The latest Office service pack is not installed.
Medium - V-6325 - SV-6395r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOG002
Vuln IDs
  • V-6325
Rule IDs
  • SV-6395r1_rule
The lastest service pack needs to be applied to ensure all security related patches are incorporated and that the software is a t supported service level.System AdministratorECSC-1
Checks:

Fix: F-5848r1_fix

For Office XP, if any of the files, exists and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office XP SP 3 installed. Excel.exe 10.0.6501.0 Frontpg.exe 10.0.6308.0 Msaccess.exe 10.0.6501.0 Mspub.exe 10.0.6308.0 Outlook.exe 10.0.6626.0 Powerpnt.exe 10.0.6501.0 Winword.exe 10.0.6612.0 For Office 2000, if any of the files, exists and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office 2000 SP 3 installed. Microsoft Access Msaccess.exe 9.0.6926 Microsoft Excel Excel.exe 9.0.6926 Microsoft Outlook Outlook.exe 9.0.0.6627 Microsoft PowerPoint Powerpnt.exe 9.0.6620 Microsoft Word Winword.exe 9.0.6926 For Office 2003, if any of the files, exists and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These version represent having Office 2003 SP 1 installed. Excel.exe 11.0.6355.0 Frontpg.exe 11.0.6356.0 Infopath.exe 11.0.6357.0 Msaccess.exe 11.0.6355.0 Outlook.exe 11.0.6353.0 Powerpnt.exe 11.0.6361.0 Winword.exe 11.0.6359.0 Mspub.exe 11.0.6255.0 Please note that in many cases Office service packs are not cummulative and there are level sets that must be installed before the current servicce pack.

b
The Macro Security Level option in Office 2000, XP (2002), or 2003 applications is not set to Medium, High, or Very High.
Medium - V-6326 - SV-6396r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO001
Vuln IDs
  • V-6326
Rule IDs
  • SV-6396r1_rule
The security level controls the action of macros. Macros can be embedded into documents to be executed at the time the document is opened. This can potentially intitiate a malicious action.System AdministratorDCMC-1
Checks: C-620r1_chk

Procedure: This check must be performed once for each Office 2000 application, once for each Office XP application, and once for each Office 2003 application: a) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. b) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. c) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. d) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. Criteria: If the Security Level option specifies a value other than Very High, High or Medium in any application, then this is a Finding.

Fix: F-5849r1_fix

For each Office 2000/Office XP/Office2003 application, perform the check once. Start the application and on the Tools menu, select the Macro item. On the Macro menu, select the Security... item. On the Security window, select the Security Level tab. On the Security Level tab, change the value of the Security Level option so that it specifies Very High, High, or Medium.

b
The option for trusting all installed add-ins and templates is not disabled.
Medium - V-6327 - SV-6397r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO002
Vuln IDs
  • V-6327
Rule IDs
  • SV-6397r1_rule
This option ensures that macro security warning are displayed for all addins and templates. System AdministratorDCMC-1
Checks: C-621r1_chk

Procedure: a) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option. b) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option. c) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option. d) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option. e) Start the MS Project application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option. Criteria: If the Trust all installed add-ins and templates is checked then this is a Finding.

Fix: F-5850r1_fix

For MS Word, MS Excel, MS PowerPoint, MS Outlook, and MS Project start each application and go to the Tools menu. On the Tools menu, select the Macro item followed by the Security... item. On the Security window, select the Security Level tab. Uncheck the box for Trust all installed add-ins and templates.

b
The Error Reporting tool for Office XP/2003 is installed or enabled.
Medium - V-6328 - SV-6398r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO003
Vuln IDs
  • V-6328
Rule IDs
  • SV-6398r1_rule
This could potentially send sensitive application data to the vendor and needs to be disabled.System AdministratorECSC-1
Checks: C-626r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key for Office XP: HKCU\Software\Policies\Microsoft\Office\10.0\Common. Look for the DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection value names. Use the Windows Registry Editor to navigate to the following key for Office 2003: HKCU\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW. Look for the DWReportee or DWNeverUpload value names. Criteria: For Office XP, if the value data for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection is not 1 (the number one) or the key is not found, then this is a Finding. For Office 2003, if the value data for DWReportee or DWNeverUpload entry is not 1 (the number one) or the key is not found, this is a finding.

Fix: F-5851r1_fix

For Office XP, navigate to registry key HKCU\Software\Policies\Microsoft\Office\10.0\Common. Change the values for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection to 1 (the number one). If the key does not exist, add it with the values at 1. For Office 2003, change the value of DWReportee or DWNeverUpload to 1 (the number one). If either key does not exist, add it with the value 1.

b
Office 2003 Customer Experience Improvement Program
Medium - V-12781 - SV-13346r1_rule
RMF Control
Severity
Medium
CCI
Version
DTOO004
Vuln IDs
  • V-12781
Rule IDs
  • SV-13346r1_rule
When sending data as part of the Customer Experience Improvement Program there is a possibility of exposing sensitive data. System AdministratorECAN-1
Checks: C-9326r1_chk

Use the Windows Registry Editor to navigate to the following key for Office 2003 HKCU HKEY_CURRENT_USER\Software\Microsoft\Office\Common Look for the QMEnable value. Criteria: For Office 2003, if the data for QMEnable value entry is not 0 or the key is not found, this is a finding.

Fix: F-12307r1_fix

Use the Windows Registry Editor to navigate to the following key for Office 2003 HKCU HKEY_CURRENT_USER\Software\Microsoft\Office\Common Look for the QMEnable value. Criteria: For Office 2003, ensure that the QMEnable value entry present and set to 0.