UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Block opening of "open XML" format files created by pre-release versions of Excel.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17518 DTOO153 - Excel SV-18589r1_rule ECSC-1 Medium
Description
By default, users can open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Office 2007. Excel Open XML files usually have the following extensions: • .xlsb • .xlsx • .xlsm • .xltx • .xltm • .xlam If a vulnerability is discovered that affects these kinds of files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available. By default, these file types are not blocked in Office 2007 products.
STIG Date
Microsoft Excel 2007 2014-01-07

Details

Check Text ( C-18833r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Excel 2007 -> Block file formats -> Open “Block opening of files created by pre-release versions of Excel 2007” will be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock

Criteria: If the value Excel12BetaFiles is REG_DWORD = 1, this is not a finding.
Fix Text (F-17433r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office Excel 2007 -> Block file formats -> Open “Block opening of files created by pre-release versions of Excel 2007” will be set to “Enabled”.