Control Blogging entries created from inside Office products.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17581	DTOO212 - Office	SV-18701r1_rule	ECSC-1	Medium

Description
The blogging feature in Word 2007 enables users to compose blog entries and post them to their blogs directly from Word, without using any additional software. By default, users can post blog entries to any compatible blogging service provider, including Windows Live Spaces, Blogger, a SharePoint or Community Server site, and others. If your organization has policies that govern the posting of blog entries, allowing users to access the blogging feature in Word 2007 might enable them to violate those policies.

Description

The blogging feature in Word 2007 enables users to compose blog entries and post them to their blogs directly from Word, without using any additional software. By default, users can post blog entries to any compatible blogging service provider, including Windows Live Spaces, Blogger, a SharePoint or Community Server site, and others. If your organization has policies that govern the posting of blog entries, allowing users to access the blogging feature in Word 2007 might enable them to violate those policies.

STIG	Date
Microsoft Office System 2007	2015-10-02

Details

Check Text ( C-18882r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Miscellaneous “Control Blogging” will be set to “Enabled (Only SharePoint blogs allowed)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\Common\Blog Criteria: If the value DisableBlog is REG_DWORD = 1, this is not a finding.

Check Text ( C-18882r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Miscellaneous “Control Blogging” will be set to “Enabled (Only SharePoint blogs allowed)”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\Common\Blog

Criteria: If the value DisableBlog is REG_DWORD = 1, this is not a finding.

Fix Text (F-17500r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Miscellaneous “Control Blogging” will be set to “Enabled (Only SharePoint blogs allowed)”. "Note: Group Policy Administrative Templates are available from the www.microsoft.com download site. The MS Office 2007 System (Office12.adm) is included in the AdminTemplates.exe file. This template provides the mechanisms to incorporate Microsoft Office 2007 System policies via the Microsoft Group Policy Editor (gpedit.msc)." "Note: If the Microsoft Group Policy Editor (gpedit.msc) is not used to incorporate the remediation to this vulnerability the Microsoft Registry Editor (regedit.exe) may be used to create the registry key and value required."

Fix Text (F-17500r1_fix)

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Miscellaneous “Control Blogging” will be set to “Enabled (Only SharePoint blogs allowed)”.

"Note: Group Policy Administrative Templates are available from the www.microsoft.com download site. The MS Office 2007 System (Office12.adm) is included in the AdminTemplates.exe file. This template provides the
mechanisms to incorporate Microsoft Office 2007 System policies via the Microsoft Group Policy Editor (gpedit.msc)."

"Note: If the Microsoft Group Policy Editor (gpedit.msc) is not used to incorporate the remediation to this vulnerability the Microsoft Registry Editor (regedit.exe) may be used to create the registry key and value required."