| V-17765 | Medium | Prevent permissions change on 'rights managed' content - Office | The Information Rights Management feature of the 2007 Office release allows individuals and administrators to specify access permissions to Word 2007 documents, Excel 2007 workbooks, PowerPoint... |
| V-17583 | Medium | Allow users with earlier versions of Office to read with browsers - System | The Windows Rights Management Add-on for Internet Explorer provides a way for users who do not use the 2007 Office release to view, but not alter, files with restricted permissions. By default,... |
| V-17664 | Medium | Disable the Opt-In Wizard that enables first time users to opt into Internet–based Microsoft services. | By default, the Opt-in Wizard displays the first time users run a 2007 Microsoft Office application, which allows them to opt into Internet–based services that will help improve their Office... |
| V-17665 | Medium | Configure the "Disable Password to Open UI" for password secured documents. | If 2007 Office users add passwords to documents, other users can be prevented from opening the documents. This capability can provide an extra level of protection to documents that are already... |
| V-17662 | Medium | Disable Microsoft passport Service for content with restricted permissions - Office. | The Information Rights Management feature of the 2007 Microsoft Office release allows individuals and administrators to specify access permissions to Word 2007 documents, Excel 2007 workbooks,... |
| V-17605 | Medium | Always show Document Information Panel Beaconing UI - Office | InfoPath 2007 can be used to create custom Document Information Panels that can be attached to Excel 2007 workbooks, PowerPoint 2007 presentations, and Word 2007 documents.
A malicious user could... |
| V-17660 | Medium | Disable inclusion of document properties for PDF and XPS output - Office. | By default, if the Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office Programs add-in is installed, document properties are saved as metadata when users save files using the PDF or XPS... |
| V-17661 | Medium | Disable the ability for Office users to use the Internet Fax Feature. | Excel 2007, PowerPoint 2007, and Word 2007 users can use the Internet Fax feature to send documents to fax recipients through an Internet fax service provider. If your organization has policies... |
| V-17769 | Medium | Protect document metadata for rights managed Office Open XML fiiles - Office | By default, when Information Rights Management (IRM) is used to restrict access to an Office Open XML document, any metadata associated with the document is not encrypted. This configuration could... |
| V-17768 | Medium | Protect document metadata for password protected files - Office | By default, when an Office Open XML document is protected with a password and saved, any metadata associated with the document is encrypted along with the rest of the document's contents. If this... |
| V-17741 | Medium | Enable Automation Security to enforce macro level security in Office documents | By default, when a separate program is used to launch Microsoft Office Excel 2007, PowerPoint 2007, or Word 2007 programmatically, any macros can run in the programmatically opened application... |
| V-17627 | Medium | Configure the Help Improve Proofing Tools feature for Office. | The Help Improve Proofing Tools feature collects data about use of the Proofing Tools, such as additions to the custom dictionary, and sends it to Microsoft. After about six months, the feature... |
| V-17581 | Medium | Control Blogging entries created from inside Office products. | The blogging feature in Word 2007 enables users to compose blog entries and post them to their blogs directly from Word, without using any additional software.
By default, users can post blog... |
| V-17669 | Medium | Disable Smart Documents use of Manifests in Office | An XML expansion pack is the group of files that constitutes a Smart Document in Excel 2007 and Word 2007. You package one or more components that provide the logic needed for a Smart Document by... |
| V-17588 | Medium | Disable access to updates, add-ins, and patches on the Office Online Website - Office. | Having access to updates, add-ins, and patches on the Office Online Web site can help users ensure that their computers are up to date and equipped with the latest security patches. However, to... |
| V-17740 | Medium | Disable Automatic receiving of small updates to improve reliability - Office. | Office Diagnostics is used to improve the user experience by periodically downloading a small file to the computer with updated help information about specific problems. If Office Diagnostics is... |
| V-17547 | Medium | ActiveX control initialization method to ensure save behavior. | ActiveX controls can adversely affect a computer directly. In addition, malicious code can be used to compromise an ActiveX control and attack a computer. To indicate the safety of an ActiveX... |
| V-17560 | Medium | Do not allow a mix of policy and user locations for Office Products. | When Microsoft Office Access™ 2007, Excel® 2007, PowerPoint® 2007, and Word 2007 files are opened from trusted locations, all the content in the files is enabled and active. Users are not notified... |
| V-17565 | Medium | Block Office from receiving updates from the Office Update Site. | Obtaining updates from the Office Update site allows users to ensure that their 2007 Microsoft Office installation is kept up to date. However, in many situations administrators will want users to... |
| V-25884 | Medium | The most current Office 2007 Service Pack is not installed. | Failure to install the most current Office Service Pack (SP) leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If Microsoft... |
| V-17590 | Medium | Disable the ability for users to Disable Trust Bar notifications for Security messages - Office | The Message Bar in 2007 Office applications is used to identify security issues, such as unsigned macros or potentially unsafe add-ins. When such issues are detected, the application disables the... |
| V-17612 | Medium | Disable the "Enable Customer Experience Improvement Program" for Office. | When users choose to participate in the Customer Experience Improvement Program (CEIP), 2007 Office applications automatically send information to Microsoft about how the applications are used.... |
| V-17759 | Medium | Disable "Open documents as Read Write when browsing" feature. - Office | By default, when users browse to an 2007 Office document on a Web server using Internet Explorer, the appropriate application opens the file in read-only mode. However, if the default... |
| V-17617 | Medium | Set encryption type for password protected Office 97 thru Office 2003 files - Office | If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, Microsoft Office application files can be encrypted and... |
| V-17750 | Medium | Disable Load controls in forms3 - Office | ActiveX controls are Component Object Model (COM) objects and have unrestricted access to users' computers. ActiveX controls can access the local file system and change the registry settings of... |
| V-17805 | Medium | Enable the feature to suppress external Signature Services Menu for Office. | By default, users can select Add Signature Services (from the Signature Line drop-down menu on the Insert tab of the Ribbon in Excel 2007, PowerPoint 2007, and Word 2007) to see a list of... |
| V-17659 | Medium | Configure the "disable hyperlink warnings" for Office to Disable. | Unsafe hyperlinks are links that might pose a security risk if users click them. Clicking an unsafe link could compromise the security of sensitive information or harm the computer.
Links that... |
| V-17670 | Medium | Disable the Office client from polling the Sharepoint server for published links. | By default, users of 2007 Office applications can see and use links to Microsoft Office SharePoint Server sites from those applications. Administrators configure published links to Office... |
| V-17749 | Medium | Legacy format signatures should be enabled - Office | By default, 2007 Office applications use the XML–based XMLDSIG format to attach digital signatures to documents, including Office 97-2003 binary documents. XMLDSIG signatures are not recognized by... |
| V-17653 | Medium | Enable the "Disable Check for Solutions" in Office. | Office Diagnostics collects relevant diagnostic information when Office applications crash and prompts users to transmit the data to Microsoft, directs them to a Web page that contains information... |
| V-17731 | Medium | Always require users to connect to verify permissions - Office. | By default, users are not required to connect to the network to verify permissions. If users do not need their licenses confirmed when attempting to open 2007 Office documents, they might be able... |
| V-17773 | Medium | Do Not rely on Vector markup Language (VML) for displaying graphics in browsers. | When saving documents as Web pages, Excel 2007, PowerPoint 2007, and Word 2007 can save vector–based graphics in Vector Markup Language (VML), which enables Internet Explorer to display them... |
| V-17619 | Medium | Encryption type for password protected Open XML files - Office | If unencrypted files are intercepted, sensitive information in the files can be compromised. To protect information confidentiality, 2007 Office application files can be encrypted and password... |
| V-17767 | Medium | Prevent upload of document templates to Office Online. | By default, 2007 Office users can share Excel 2007, PowerPoint 2007, and Word 2007 templates they create with other Microsoft Office users around the world by uploading them to the community area... |
| V-17561 | Low | Do not allow choice of output to include PNG (Portable Network Graphics) | Excel 2007, PowerPoint 2007, and Word 2007 can save graphic files in Portable Network Graphics (PNG) format to improve the quality of the graphics when documents are saved as Web pages. The PNG... |
