Document Information panel Beaconing must show UI.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17605 | DTOO207 | SV-52754r2_rule | Medium |
| Description |
|---|
| This policy setting controls whether users see a security warning when they open custom Document Information Panels that contain a web beaconing threat. Web beacons can be used to contact an external server when users open forms. Information could be gathered by the form, or information entered by users could be sent to an external server, exposing the internal users and systems to additional attacks. |
| STIG | Date |
|---|---|
| Microsoft Office System 2013 STIG | 2017-06-20 |
Details
| Check Text ( C-47083r3_chk ) |
|---|
| Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Office 2013 >> Document Information Panel "Document Information Panel Beaconing UI" is set to "Enabled (Always show UI)". Use the Windows Registry Editor to navigate to the following hive: HKEY_Users For every users profile hive under HKEY_Users, navigate to the following key: \Software\Policies\Microsoft\Office\15.0\common\documentinformationpanel If the value “Beaconing” is REG_DWORD = 1 for every user profile hive, this is not a finding. |
| Fix Text (F-45680r1_fix) |
|---|
| Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Document Information Panel "Document Information Panel Beaconing UI" to "Enabled (Always show UI)". |