Block Opening of "Open XML" file types to prevent them automatically executing code.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17519	DTOO154 - PowerPoint	SV-18594r1_rule		Medium

Description
The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared to the previous binary file types supported in Office 2003, including the potential to reduce the effects of malicious code. Files can be identified as unable to run code, and will therefore ignore any embedded code. Also, any files that do have embedded code are easier to identify. If a vulnerability is discovered that affects Office Open XML files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available.

Description

The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared to the previous binary file types supported in Office 2003, including the potential to reduce the effects of malicious code. Files can be identified as unable to run code, and will therefore ignore any embedded code. Also, any files that do have embedded code are easier to identify. If a vulnerability is discovered that affects Office Open XML files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available.

STIG	Date
Microsoft PowerPoint 2007	2016-03-31

Details

Check Text ( C-18837r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Open Xml files types” will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock Criteria: If the value OpenXmlFiles is REG_DWORD = 0, this is not a finding.

Check Text ( C-18837r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Open Xml files types” will be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock

Criteria: If the value OpenXmlFiles is REG_DWORD = 0, this is not a finding.

Fix Text (F-17437r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office PowerPoint 2007 -> Block file formats -> Open “Block opening of Open Xml files types” will be set to “Disabled”.