accepted
Microsoft PowerPoint 2003 STIG
DISA, Field Security Operations
STIG.DOD.MIL
Release: 4 Benchmark Date: 24 Oct 2014
4

I - Mission Critical Classified
I - Mission Critical Public
I - Mission Critical Sensitive
II - Mission Support Classified
II - Mission Support Public
II - Mission Support Sensitive
III - Administrative Classified
III - Administrative Public
III - Administrative Sensitive

DTOG001
DTOG001: An unsupported version of Office is installed.
<VulnDiscussion>Unsupported vendor software is not being updated or evaluated for security vulnerabilities.</VulnDiscussion>
<Documentable>false</Documentable>
<Responsibility>System Administrator</Responsibility>
<IAControls>ECSC-1</IAControls>
DPMS Target Microsoft PowerPoint 2003; DISA FSO; DPMS Target; Microsoft PowerPoint 2003; 733
Upgrade to Office 2007 or higher.
If running any Office 2003 version software, this is a finding.

DTOG002
DTOG002: The latest Office service pack is not installed.
<VulnDiscussion>The latest service pack needs to be applied to ensure all security-related patches are incorporated and that the software is at a supported service level.</VulnDiscussion>
<Documentable>false</Documentable>
<Responsibility>System Administrator</Responsibility>
<IAControls>ECSC-1</IAControls>
DPMS Target Microsoft PowerPoint 2003; DISA FSO; DPMS Target; Microsoft PowerPoint 2003; 733
For Office XP, if any of the files exist and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office XP SP 3 installed.
Excel.exe 10.0.6501.0
Frontpg.exe 10.0.6308.0
Msaccess.exe 10.0.6501.0
Mspub.exe 10.0.6308.0
Outlook.exe 10.0.6626.0
Powerpnt.exe 10.0.6501.0
Winword.exe 10.0.6612.0
For Office 2000, if any of the files exist and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office 2000 SP 3 installed.
Microsoft Access Msaccess.exe 9.0.6926
Microsoft Excel Excel.exe 9.0.6926
Microsoft Outlook Outlook.exe 9.0.0.6627
Microsoft PowerPoint Powerpnt.exe 9.0.6620
Microsoft Word Winword.exe 9.0.6926
For Office 2003, if any of the files exist and are at a lower level than those listed, install a higher level file that meets or exceeds requirements. These versions represent having Office 2003 SP 1 installed.
Excel.exe 11.0.6355.0
Frontpg.exe 11.0.6356.0
Infopath.exe 11.0.6357.0
Msaccess.exe 11.0.6355.0
Outlook.exe 11.0.6353.0
Powerpnt.exe 11.0.6361.0
Winword.exe 11.0.6359.0
Mspub.exe 11.0.6255.0
Please note that in many cases Office service packs are not cumulative and there are level sets that must be installed before the current service pack.

DTOO001 - The Macro Security Level option in Offic
DTOO001: The Macro Security Level option in Office 2000, XP (2002), or 2003 applications is not set to Medium, High, or Very High.
<VulnDiscussion>The security level controls the action of macros. Macros can be embedded into documents to be executed at the time the document is opened. This can potentially initiate a malicious action.</VulnDiscussion>
<Documentable>false</Documentable>
<Responsibility>System Administrator</Responsibility>
<IAControls>DCMC-1</IAControls>
DPMS Target Microsoft PowerPoint 2003; DISA FSO; DPMS Target; Microsoft PowerPoint 2003; 733
For each Office 2000/Office XP/Office 2003 application, perform the check once. Start the application and on the Tools menu, select the Macro item. On the Macro menu, select the Security... item. On the Security window, select the Security Level tab. On the Security Level tab, change the value of the Security Level option so that it specifies Very High, High, or Medium.
Procedure: This check must be performed once for each Office 2000 application, once for each Office XP application, and once for each Office 2003 application:
a) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.
b) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.
c) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.
d) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option.
Criteria: If the Security Level option specifies a value other than Very High, High or Medium in any application, then this is a Finding.

DTOO002
DTOO002: The option for trusting all installed add-ins and templates is not disabled.
<VulnDiscussion>This option ensures that macro security warnings are displayed for all add-ins and templates.</VulnDiscussion>
<Documentable>false</Documentable>
<Responsibility>System Administrator</Responsibility>
<IAControls>DCMC-1</IAControls>
DPMS Target Microsoft PowerPoint 2003; DISA FSO; DPMS Target; Microsoft PowerPoint 2003; 733
For MS Word, MS Excel, MS PowerPoint, MS Outlook, and MS Project, start each application and go to the Tools menu. On the Tools menu, select the Macro item followed by the Security... item. On the Security window, select the Security Level tab. Uncheck the box for Trust all installed add-ins and templates.
Procedure:
a) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.
b) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.
c) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.
d) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.
e) Start the MS Project application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Trust all installed add-ins and templates option.
Criteria: If the Trust all installed add-ins and templates option is checked, then this is a Finding.

DTOO003-Error reporting is enabled
DTOO003: The Error Reporting tool for Office XP/2003 is installed or enabled.
<VulnDiscussion>This could potentially send sensitive application data to the vendor and needs to be disabled.</VulnDiscussion>
<Documentable>false</Documentable>
<Responsibility>System Administrator</Responsibility>
<IAControls>ECSC-1</IAControls>
DPMS Target Microsoft PowerPoint 2003; DISA FSO; DPMS Target; Microsoft PowerPoint 2003; 733
For Office XP, navigate to registry key HKCU\Software\Policies\Microsoft\Office\10.0\Common. Change the values for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection to 1 (the number one). If the key does not exist, add it with the values set to 1.
For Office 2003, change the value of DWReportee or DWNeverUpload to 1 (the number one). If either key does not exist, add it with the value 1.
Procedure:
Use the Windows Registry Editor to navigate to the following key for Office XP:
HKCU\Software\Policies\Microsoft\Office\10.0\Common. Look for the DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection value names.
Use the Windows Registry Editor to navigate to the following key for Office 2003:
HKCU\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW. Look for the DWReportee or DWNeverUpload value names.
Criteria: For Office XP, if the value data for DWNeverUpload, DWNoExternalURL, DWNoFileCollection, and DWNoSecondLevelCollection is not 1 (the number one) or the key is not found, then this is a Finding.
For Office 2003, if the value data for DWReportee or DWNeverUpload entry is not 1 (the number one) or the key is not found, this is a finding.

DTOO004 - Office 2003 Customer Experience Improvem
DTOO004: Office 2003 Customer Experience Improvement Program
<VulnDiscussion>When sending data as part of the Customer Experience Improvement Program there is a possibility of exposing sensitive data.</VulnDiscussion>
<Documentable>false</Documentable>
<Responsibility>System Administrator</Responsibility>
<IAControls>ECAN-1</IAControls>
DPMS Target Microsoft PowerPoint 2003; DISA FSO; DPMS Target; Microsoft PowerPoint 2003; 733
Use the Windows Registry Editor to navigate to the following key for Office 2003
HKCU HKEY_CURRENT_USER\Software\Microsoft\Office\Common
Look for the QMEnable value.
Criteria:
For Office 2003, ensure that the QMEnable value entry is present and set to 0.
Use the Windows Registry Editor to navigate to the following key for Office 2003
HKCU HKEY_CURRENT_USER\Software\Microsoft\Office\Common
Look for the QMEnable value.
Criteria:
For Office 2003, if the data for QMEnable value entry is not 0 or the key is not found, this is a finding.
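
The registry checks for DTOO003 and DTOO004 above can be read without opening the Registry Editor. The following PowerShell is an added example, not part of the STIG: the helper names are hypothetical, and it assumes the Office 2003 criterion "DWReportee or DWNeverUpload" is met when at least one of the two values is 1.

```powershell
# Added example (not from the STIG): read-only check of the HKCU values named
# in DTOO003 and DTOO004. Run as the user being assessed; all keys are per-user.

function Get-RegValue {            # hypothetical helper name
    param([string]$Path, [string]$Name)
    # $null covers both "key not found" and "value name not found".
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-MatchCount {          # hypothetical helper name
    param([string]$Path, [string[]]$Names, [int]$Expected)
    # Number of listed value names whose data equals $Expected.
    $hits = 0
    foreach ($n in $Names) {
        $v = Get-RegValue -Path $Path -Name $n
        if ($null -ne $v -and $v -eq $Expected) { $hits++ }
    }
    return $hits
}

$xpKey   = 'HKCU:\Software\Policies\Microsoft\Office\10.0\Common'
$xpNames = 'DWNeverUpload', 'DWNoExternalURL', 'DWNoFileCollection', 'DWNoSecondLevelCollection'
$dwKey   = 'HKCU:\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW'
$dwNames = 'DWReportee', 'DWNeverUpload'
$qmKey   = 'HKCU:\Software\Microsoft\Office\Common'

$compliant = [ordered]@{
    # Office XP: all four values must be 1.
    'DTOO003 (Office XP)'   = (Get-MatchCount $xpKey $xpNames 1) -eq $xpNames.Count
    # Office 2003: assumption, the STIG's "or" is read as "at least one is 1".
    'DTOO003 (Office 2003)' = (Get-MatchCount $dwKey $dwNames 1) -ge 1
    # QMEnable must be present and 0; a missing value is a finding.
    'DTOO004 (Office 2003)' = (Get-MatchCount $qmKey @('QMEnable') 0) -eq 1
}

foreach ($id in $compliant.Keys) {
    $status = if ($compliant[$id]) { 'Not a Finding' } else { 'Finding' }
    '{0}: {1}' -f $id, $status
}
```

A check for an Office version that is not installed reports Finding because its key is not found, so evaluate only the lines for the installed version.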