UCF STIG Viewer Logo

File extensions must be enabled to match file types in Excel.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223332 O365-EX-000023 SV-223332r822365_rule Medium
Description
This policy setting controls how Excel loads file types that do not match their extension. Excel can load files with extensions that do not match the files' type. For example, if a comma-separated values (CSV) file named example.csv is renamed example.xls (or any other file extension supported by Excel 2003 and earlier only), Excel can properly load it as a CSV file. If you enable this policy setting, you can choose from three options for working with files that have non-matching extensions: - Allow different - Excel opens the files properly without warning users that the files have non-matching extensions. If users subsequently edit and save the files, Excel preserves both the true, underlying file format and the incorrect file extension. - Allow different, but warn - Excel opens the files properly, but warns users about the file type mismatch. This option is the default configuration in Excel. - Always match file type - Excel does not open any files that have non-matching extensions. If this policy setting is disabled or not configured or if users attempt to open files with the wrong extension, Excel opens the file and displays a warning that the file type is not what Excel expected.
STIG Date
Microsoft Office 365 ProPlus Security Technical Implementation Guide 2022-06-17

Details

Check Text ( C-25005r822363_chk )
Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Force file extension to match file type is set to "Always match file type".

Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\microsoft\office\16.0\excel\security

If value for extensionhardening is REG_DWORD = 2, this is not a finding.
Fix Text (F-24993r822364_fix)
Set policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2016 >> Excel Options >> Security >> Force file extension to match file type to "Enabled" and select the option "Always match file type".