Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17605 | DTOO207 | SV-52754r1_rule | ECSC-1 | Medium |
Description |
---|
This policy setting controls whether users see a security warning when they open custom Document Information Panels that contain a web beaconing threat. Web beacons can be used to contact an external server when users open forms. Information could be gathered by the form, or information entered by users could be sent to an external server, exposing the internal users and systems to additional attacks. |
STIG | Date |
---|---|
Microsoft Office System 2013 STIG | 2015-06-18 |
Check Text ( C-47083r1_chk ) |
---|
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Document Information Panel "Document Information Panel Beaconing UI" is set to "Enabled (Always show UI)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\common\documentinformationpanel Criteria: If the value Beaconing is REG_DWORD = 1, this is not a finding. |
Fix Text (F-45680r1_fix) |
---|
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Document Information Panel "Document Information Panel Beaconing UI" to "Enabled (Always show UI)". |