{
"stig": {
"date": "2014-10-03",
"description": "None",
"findings": {
"V-12781": {
"checkid": "C-9326r1_chk",
"checktext": "Use the Windows Registry Editor to navigate to the following key for Office 2003\n HKCU HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\n\n Look for the QMEnable value.\n\nCriteria: \nFor Office 2003, if the data for QMEnable value entry is not 0 or the key is not found, this is a finding.\n \n",
"description": "When sending data as part of the Customer Experience Improvement Program there is a possibility of exposing sensitive data. ",
"fixid": "F-12307r1_fix",
"fixtext": "Use the Windows Registry Editor to navigate to the following key for Office 2003\n HKCU HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\n\n Look for the QMEnable value.\n\nCriteria: \nFor Office 2003, ensure that the QMEnable value entry present and set to 0. \n",
"iacontrols": [
"ECAN-1"
],
"id": "V-12781",
"ruleID": "SV-13346r1_rule",
"severity": "medium",
"title": "Office 2003 Customer Experience Improvement Program",
"version": "DTOO004"
},
"V-6324": {
"checkid": "C-55617r1_chk",
"checktext": "If running any Office 2003 version software, this is a finding.",
"description": "Unsupported vendor software is not being updated or evaluated for security vulnerabilities.",
"fixid": "F-5847r3_fix",
"fixtext": "Upgrade to Office 2007 or higher.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6324",
"ruleID": "SV-6394r2_rule",
"severity": "high",
"title": "An unsupported version of Office is installed.",
"version": "DTOG001"
},
"V-6325": {
"checkid": "None",
"checktext": "None",
"description": "The lastest service pack needs to be applied to ensure all security related patches are incorporated and that the software is a t supported service level.",
"fixid": "F-5848r1_fix",
"fixtext": "For Office XP, if any of the files, exists and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office XP SP 3 installed.\n\n Excel.exe \t10.0.6501.0\n Frontpg.exe \t10.0.6308.0\n Msaccess.exe \t10.0.6501.0\n Mspub.exe \t10.0.6308.0\n Outlook.exe \t10.0.6626.0\n Powerpnt.exe \t10.0.6501.0\n Winword.exe \t10.0.6612.0\n\nFor Office 2000, if any of the files, exists and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office 2000 SP 3 installed.\n\n Microsoft Access \tMsaccess.exe \t9.0.6926\n Microsoft Excel \tExcel.exe \t\t9.0.6926\n Microsoft Outlook \tOutlook.exe \t\t9.0.0.6627\n Microsoft PowerPoint \tPowerpnt.exe \t9.0.6620\n Microsoft Word \tWinword.exe \t9.0.6926\n\nFor Office 2003, if any of the files, exists and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These version represent having Office 2003 SP 1 installed.\n\n Excel.exe \t11.0.6355.0\n Frontpg.exe \t11.0.6356.0\n Infopath.exe \t11.0.6357.0\n Msaccess.exe \t11.0.6355.0\n Outlook.exe \t11.0.6353.0\n Powerpnt.exe \t11.0.6361.0\n Winword.exe \t11.0.6359.0\n Mspub.exe \t11.0.6255.0\n\n\nPlease note that in many cases Office service packs are not cummulative and there are level sets that must be installed before the current servicce pack.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6325",
"ruleID": "SV-6395r1_rule",
"severity": "medium",
"title": "The latest Office service pack is not installed. ",
"version": "DTOG002"
},
"V-6326": {
"checkid": "C-620r1_chk",
"checktext": "Procedure: This check must be performed once for each Office 2000 application, once for each Office XP application, and once for each Office 2003 application:\n\na) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.\nb) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.\nc) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.\nd) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.\n\nCriteria: If the Security Level option specifies a value other than Very High, High or Medium in any application, then this is a Finding.\n",
"description": "The security level controls the action of macros. Macros can be embedded into documents to be executed at the time the document is opened. This can potentially intitiate a malicious action.",
"fixid": "F-5849r1_fix",
"fixtext": "For each Office 2000/Office XP/Office2003 application, perform the check once. Start the application and on the Tools menu, select the Macro item. On the Macro menu, select the Security... item. On the Security window, select the Security Level tab. On the Security Level tab, change the value of the Security Level option so that it specifies Very High, High, or Medium.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6326",
"ruleID": "SV-6396r1_rule",
"severity": "medium",
"title": "The Macro Security Level option in Office 2000, XP (2002), or 2003 applications is not set to Medium, High, or Very High.",
"version": "DTOO001"
},
"V-6327": {
"checkid": "C-621r1_chk",
"checktext": "Procedure: \n\na) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.\nb) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.\nc) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.\nd) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.\ne) Start the MS Project application. On the Tools menu, select the Macro item. On the Macro menu, select the Security\u2026 item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.\n\nCriteria: If the Trust all installed add-ins and templates is checked then this is a Finding.\n",
"description": "This option ensures that macro security warning are displayed for all addins and templates. ",
"fixid": "F-5850r1_fix",
"fixtext": "For MS Word, MS Excel, MS PowerPoint, MS Outlook, and MS Project start each application and go to the Tools menu. On the Tools menu, select the Macro item followed by the Security... item. On the Security window, select the Security Level tab. Uncheck the box for Trust all installed add-ins and templates.",
"iacontrols": [
"DCMC-1"
],
"id": "V-6327",
"ruleID": "SV-6397r1_rule",
"severity": "medium",
"title": "The option for trusting all installed add-ins and templates is not disabled.",
"version": "DTOO002"
},
"V-6328": {
"checkid": "C-626r1_chk",
"checktext": "Procedure: \n\nUse the Windows Registry Editor to navigate to the following key for Office XP: \n\nHKCU\\Software\\Policies\\Microsoft\\Office\\10.0\\Common. Look for the DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection value names. \n\nUse the Windows Registry Editor to navigate to the following key for Office 2003:\n HKCU\\Software\\Policies\\Microsoft\\PCHealth\\ErrorReporting\\DW. Look for the DWReportee or DWNeverUpload value names. \n\nCriteria: For Office XP, if the value data for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection is not 1 (the number one) or the key is not found, then this is a Finding. \n\nFor Office 2003, if the value data for DWReportee or DWNeverUpload entry is not 1 (the number one) or the key is not found, this is a finding. ",
"description": "This could potentially send sensitive application data to the vendor and needs to be disabled.",
"fixid": "F-5851r1_fix",
"fixtext": "For Office XP, navigate to registry key HKCU\\Software\\Policies\\Microsoft\\Office\\10.0\\Common. Change the values for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection to 1 (the number one). If the key does not exist, add it with the values at 1.\n\nFor Office 2003, change the value of DWReportee or DWNeverUpload to 1 (the number one). If either key does not exist, add it with the value 1.",
"iacontrols": [
"ECSC-1"
],
"id": "V-6328",
"ruleID": "SV-6398r1_rule",
"severity": "medium",
"title": "The Error Reporting tool for Office XP/2003 is installed or enabled.",
"version": "DTOO003"
}
},
"profiles": {
"MAC-1_Classified": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-1_Classified",
"title": "I - Mission Critical Classified"
},
"MAC-1_Public": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-1_Public",
"title": "I - Mission Critical Public"
},
"MAC-1_Sensitive": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-1_Sensitive",
"title": "I - Mission Critical Sensitive"
},
"MAC-2_Classified": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-2_Classified",
"title": "II - Mission Support Classified"
},
"MAC-2_Public": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-2_Public",
"title": "II - Mission Support Public"
},
"MAC-2_Sensitive": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-2_Sensitive",
"title": "II - Mission Support Sensitive"
},
"MAC-3_Classified": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-3_Classified",
"title": "III - Administrative Classified"
},
"MAC-3_Public": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-3_Public",
"title": "III - Administrative Public"
},
"MAC-3_Sensitive": {
"description": "",
"findings": {
"V-12781": "true",
"V-6324": "true",
"V-6325": "true",
"V-6326": "true",
"V-6327": "true",
"V-6328": "true"
},
"id": "MAC-3_Sensitive",
"title": "III - Administrative Sensitive"
}
},
"slug": "microsoft_access_2003",
"title": "Microsoft Access 2003 ",
"version": "None"
}
}