Microsoft Office System 2007 Security Technical Implementation Guide


Version / Release: V4R15

Published: 2017-10-02

Updated At: 2018-10-12 01:23:27


    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-18643r2_rule DTOO191 - Office MEDIUM ActiveX control initialization method to ensure save behavior. ActiveX controls can adversely affect a computer directly. In addition, malicious code can be used to compromise an ActiveX control and attack a computer. To indicate the safety of an ActiveX control, developers can denote them as Safe For Initialization
    SV-18659r1_rule DTOO196 - Office MEDIUM Do not allow a mix of policy and user locations for Office Products. When Microsoft Office Access™ 2007, Excel® 2007, PowerPoint® 2007, and Word 2007 files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified about any potential risks that might be contained in t
    SV-18661r1_rule DTOO181 - Office CCI-000366 LOW Do not allow choice of output to include PNG (Portable Network Graphics) Excel 2007, PowerPoint 2007, and Word 2007 can save graphic files in Portable Network Graphics (PNG) format to improve the quality of the graphics when documents are saved as Web pages. The PNG graphic file format (.png) is used for a wide range of graphi
    SV-18669r1_rule DTOO213 - Office 2007 MEDIUM Block Office from receiving updates from the Office Update Site. Obtaining updates from the Office Update site allows users to ensure that their 2007 Microsoft Office installation is kept up to date. However, in many situations administrators will want users to obtain their updates from a local server at the time of th
    SV-18701r1_rule DTOO212 - Office MEDIUM Control Blogging entries created from inside Office products. The blogging feature in Word 2007 enables users to compose blog entries and post them to their blogs directly from Word, without using any additional software. By default, users can post blog entries to any compatible blogging service provider, including
    SV-18782r1_rule DTOO200 - Office 2007 MEDIUM Allow users with earlier versions of Office to read with browsers - System The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2007 Office release to view, but not alter, files with restricted permissions. By default, IRM-enabled files are saved in a format that cannot be viewed
    SV-18714r1_rule DTOO177 - Office MEDIUM Disable access to updates, add-ins, and patches on the Office Online Website - Office. Having access to updates, add-ins, and patches on the Office Online Web site can help users ensure that their computers are up to date and equipped with the latest security patches. However, to ensure that updates are tested and applied in a consistent ma
    SV-18717r1_rule DTOO186 - Office MEDIUM Disable the ability for users to Disable Trust Bar notifications for Security messages - Office The Message Bar in 2007 Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the unsafe feature or content and displays the Message Bar at t
    SV-18740r1_rule DTOO207 - Office 2007 MEDIUM Always show Document Information Panel Beaconing UI - Office InfoPath 2007 can be used to create custom Document Information Panels that can be attached to Excel 2007 workbooks, PowerPoint 2007 presentations, and Word 2007 documents. A malicious user could insert a Web beacon into an InfoPath form that is used to
    SV-18747r1_rule DTOO184 - Office 2007 MEDIUM Disable the "Enable Customer Experience Improvement Program" for Office. When users choose to participate in the Customer Experience Improvement Program (CEIP), 2007 Office applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Mic
    SV-18755r2_rule DTOO190 - Office 2007 MEDIUM Set encryption type for password protected Office 97 thru Office 2003 files - Office If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and password protected. Only users who know the correct password will
    SV-18758r1_rule DTOO189 - Office 2007 MEDIUM Encryption type for password protected Open XML files - Office If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, 2007 Office application files can be encrypted and password protected. Only users who know the correct password will be ab
    SV-18770r1_rule DTOO182 - Office MEDIUM Configure the Help Improve Proofing Tools feature for Office. The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collecti
    SV-18802r1_rule DTOO205 - Office 2007 MEDIUM Enable the "Disable Check for Solutions" in Office. Office Diagnostics collects relevant diagnostic information when Office applications crash and prompts users to transmit the data to Microsoft, directs them to a Web page that contains information about the crash and, if possible, advice about resolving t
    SV-18814r1_rule DTOO194 - Office MEDIUM Configure the "disable hyperlink warnings" for Office to Disable. Unsafe hyperlinks are links that might pose a security risk if users click them. Clicking an unsafe link could compromise the security of sensitive information or harm the computer. Links that 2007 Office considers unsafe include links to executable files
    SV-18816r1_rule DTOO206 - Office MEDIUM Disable inclusion of document properties for PDF and XPS output - Office. By default, if the Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office Programs add-in is installed, document properties are saved as metadata when users save files using the PDF or XPS or Publish as PDF or XPS commands in Access 2007, Excel 200
    SV-18818r1_rule DTOO198 - Office MEDIUM Disable the ability for Office users to use the Internet Fax Feature. Excel 2007, PowerPoint 2007, and Word 2007 users can use the Internet Fax feature to send documents to fax recipients through an Internet fax service provider. If your organization has policies that govern the time, place, or manner in which faxes are sen
    SV-18820r1_rule DTOO202 - Office MEDIUM Disable Microsoft passport Service for content with restricted permissions - Office. The Information Rights Management feature of the 2007 Microsoft Office release allows individuals and administrators to specify access permissions to Word 2007 documents, Excel 2007 workbooks, PowerPoint 2007 presentations, and Outlook 2007 e-mail message
    SV-18824r1_rule DTOO183 - Office MEDIUM Disable the Opt-In Wizard that enables first time users to opt into Internet–based Microsoft services. By default, the Opt-in Wizard displays the first time users run a 2007 Microsoft Office application, which allows them to opt into Internet–based services that will help improve their Office experience, such as Microsoft Update, the Customer Experience
    SV-18826r1_rule DTOO195 - Office MEDIUM Configure the "Disable Password to Open UI" for password secured documents. If 2007 Office users add passwords to documents, other users can be prevented from opening the documents. This capability can provide an extra level of protection to documents that are already protected by access control lists, or provide a means of secur
    SV-18834r1_rule DTOO197 - Office MEDIUM Disable Smart Documents use of Manifests in Office An XML expansion pack is the group of files that constitutes a Smart Document in Excel 2007 and Word 2007. You package one or more components that provide the logic needed for a Smart Document by using an XML expansion pack. These components can include a
    SV-18836r1_rule DTOO208 - Office MEDIUM Disable the Office client from polling the Sharepoint server for published links. By default, users of 2007 Office applications can see and use links to Microsoft Office SharePoint Server sites from those applications. Administrators configure published links to Office applications during initial deployment, and can add or change links
    SV-18906r1_rule DTOO201 - Office MEDIUM Always require users to connect to verify permissions - Office. By default, users are not required to connect to the network to verify permissions. If users do not need their licenses confirmed when attempting to open 2007 Office documents, they might be able to access documents after their licenses have been revoked.
    SV-18922r1_rule DTOO185 - Office MEDIUM Disable Automatic receiving of small updates to improve reliability - Office. Office Diagnostics is used to improve the user experience by periodically downloading a small file to the computer with updated help information about specific problems. If Office Diagnostics is enabled, it collects information about specific errors and t
    SV-18924r1_rule DTOO193 - Office MEDIUM Enable Automation Security to enforce macro level security in Office documents By default, when a separate program is used to launch Microsoft Office Excel 2007, PowerPoint 2007, or Word 2007 programmatically, any macros can run in the programmatically opened application without being blocked. This functionality could allow an attac
    SV-18937r1_rule DTOO203 - Office MEDIUM Legacy format signatures should be enabled - Office By default, 2007 Office applications use the XML–based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by Office 2003 applications or previous versions. If an Off
    SV-18939r2_rule DTOO192 - Office MEDIUM Disable Load controls in forms3 - Office ActiveX controls are Component Object Model (COM) objects and have unrestricted access to users' computers. ActiveX controls can access the local file system and change the registry settings of the operating system. If a malicious user repurposes an Activ
    SV-18956r1_rule DTOO179 - Office MEDIUM Disable "Open documents as Read Write when browsing" feature. - Office By default, when users browse to a 2007 Office document on a Web server using Internet Explorer, the appropriate application opens the file in read-only mode. However, if the default configuration is changed, the document is opened as read/write. Users c
    SV-18968r1_rule DTOO199 - Office MEDIUM Prevent permissions change on 'rights managed' content - Office The Information Rights Management feature of the 2007 Office release allows individuals and administrators to specify access permissions to Word 2007 documents, Excel 2007 workbooks, PowerPoint 2007 presentations, InfoPath 2007 templates and forms, and Ou
    SV-18972r1_rule DTOO178 - Office MEDIUM Prevent upload of document templates to Office Online. By default, 2007 Office users can share Excel 2007, PowerPoint 2007, and Word 2007 templates they create with other Microsoft Office users around the world by uploading them to the community area of the Microsoft Office Online Web site. If your organizati
    SV-18974r1_rule DTOO188 - Office MEDIUM Protect document metadata for password protected files - Office By default, when an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document's contents. If this configuration is changed, potentially sensitive information
    SV-18976r1_rule DTOO187 - Office MEDIUM Protect document metadata for rights managed Office Open XML files - Office By default, when Information Rights Management (IRM) is used to restrict access to an Office Open XML document, any metadata associated with the document is not encrypted. This configuration could allow potentially sensitive information such as the docume
    SV-18983r1_rule DTOO180 - Office MEDIUM Do Not rely on Vector markup Language (VML) for displaying graphics in browsers. When saving documents as Web pages, Excel 2007, PowerPoint 2007, and Word 2007 can save vector–based graphics in Vector Markup Language (VML), which enables Internet Explorer to display them smoothly at any resolution. By default, when saving VML graphi
    SV-19036r1_rule DTOO204 - Office MEDIUM Enable the feature to suppress external Signature Services Menu for Office. By default, users can select Add Signature Services (from the Signature Line drop-down menu on the Insert tab of the Ribbon in Excel 2007, PowerPoint 2007, and Word 2007) to see a list of signature service providers on the Microsoft Office Web site. If yo
    SV-32370r3_rule DTOO287 HIGH An unsupported Microsoft Office version must not be installed. Failure to install the most current Office version leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If Microsoft Office installation is not at the most current version and service pack