Untrusted Microsoft Query files must be blocked from opening in Excel.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223338	O365-EX-000029	SV-223338r684249_rule		Medium

Description
This policy setting controls whether Microsoft Query files (.iqy, oqy, .dqy, and .rqy) in an untrusted location are prevented from opening. If you enable this policy setting, Microsoft Query files in an untrusted location are prevented from opening. Users will not be able to change this setting under File >> Options >> Trust Center >> Trust Center Settings >> External Content. If you disable or do not configure this policy setting, Microsoft Query files in an untrusted location are not prevented from opening, unless users have changed this setting in the Trust Center. Note: This policy setting only applies to subscription versions of Office, such as Office 365 ProPlus.

Description

This policy setting controls whether Microsoft Query files (.iqy, oqy, .dqy, and .rqy) in an untrusted location are prevented from opening. If you enable this policy setting, Microsoft Query files in an untrusted location are prevented from opening. Users will not be able to change this setting under File >> Options >> Trust Center >> Trust Center Settings >> External Content. If you disable or do not configure this policy setting, Microsoft Query files in an untrusted location are not prevented from opening, unless users have changed this setting in the Trust Center. Note: This policy setting only applies to subscription versions of Office, such as Office 365 ProPlus.

STIG	Date
Microsoft Office 365 ProPlus Security Technical Implementation Guide	2021-06-02

Details

Check Text ( C-25011r684248_chk )
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> External Content >> Always prevent untrusted Microsoft Query files from opening is set to "Enabled". Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\excel\security\external content. Value for enableblockunsecurequeryfiles should be REG_DWORD = 1 If the value for enableblockunsecurequeryfiles is Reg_DWORD = 1, this is not a finding.

Check Text ( C-25011r684248_chk )

Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> External Content >> Always prevent untrusted Microsoft Query files from opening is set to "Enabled".
Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\excel\security\external content.
Value for enableblockunsecurequeryfiles should be REG_DWORD = 1

If the value for enableblockunsecurequeryfiles is Reg_DWORD = 1, this is not a finding.

Fix Text (F-24999r442234_fix)
Set policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Trust Center >> External Content >> Always prevent untrusted Microsoft Query files from opening to "Enabled".