Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-41346 | DTOO419 | SV-53843r1_rule | Medium |
Description |
---|
This setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair operation when users choose to open a corrupt workbook in repair or extract mode. A corrupt Excel file may be indicative of malicious tampering. By allowing the automatic handling of corrupt spreadsheets, malicious code may be introduced to the user's computer and the network. |
STIG | Date |
---|---|
Microsoft Excel 2013 STIG | 2016-12-20 |
Check Text ( C-47897r1_chk ) |
---|
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\microsoft\office\15.0\excel\options Criteria: If the value extractdatadisableui is REG_DWORD = 1, this is not a finding. |
Fix Text (F-46746r1_fix) |
---|
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" to "Enabled". |