Block redirection behavior for upgraded web sites by SharePoint

Block redirection behavior for upgraded web sites by SharePoint - Infopath.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17576	DTOO157 - InfoPath	SV-18691r1_rule	ECSC-1	Medium

Description
During a Windows SharePoint Services gradual upgrade, sites that have been upgraded remain available at their original URLs (for example, http://<company_name>/sites/SiteA), while sites that are still in the process of being upgraded are located at a temporary domain URL (for example, http://<company_name_old>/sites/SiteB). By default, InfoPath 2007 automatically redirects user requests for sites that have not been upgraded to the temporary URL if it is located on the local intranet, but blocks them if the temporary URL is located elsewhere. InfoPath will prompt users before redirecting forms or form templates to another intranet site. If this restriction is relaxed, all requests to sites that have not been upgraded will be redirected to their targets, regardless of location. This functionality could cause requests made to a secure site to be redirected to an unsecured one (for example, requests to an intranet site could be redirected to an unencrypted Internet site), causing sensitive information to be at risk.

Description

During a Windows SharePoint Services gradual upgrade, sites that have been upgraded remain available at their original URLs (for example, http://<company_name>/sites/SiteA), while sites that are still in the process of being upgraded are located at a temporary domain URL (for example, http://<company_name_old>/sites/SiteB). By default, InfoPath 2007 automatically redirects user requests for sites that have not been upgraded to the temporary URL if it is located on the local intranet, but blocks them if the temporary URL is located elsewhere. InfoPath will prompt users before redirecting forms or form templates to another intranet site. If this restriction is relaxed, all requests to sites that have not been upgraded will be redirected to their targets, regardless of location. This functionality could cause requests made to a secure site to be redirected to an unsecured one (for example, requests to an intranet site could be redirected to an unencrypted Internet site), causing sensitive information to be at risk.

STIG	Date
Microsoft InfoPath 2007	2014-01-07

Details

Check Text ( C-18877r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> “Control behavior for Windows SharePoint Services gradual upgrade” will be set to “Enabled (Block all redirections)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Security Criteria: If the value GradualUpgradeRedirection is REG_DWORD = 2, this is not a finding.

Check Text ( C-18877r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> “Control behavior for Windows SharePoint Services gradual upgrade” will be set to “Enabled (Block all redirections)”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Security

Criteria: If the value GradualUpgradeRedirection is REG_DWORD = 2, this is not a finding.

Fix Text (F-17494r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Security -> “Control behavior for Windows SharePoint Services gradual upgrade” will be set to “Enabled (Block all redirections)”.