UCF STIG Viewer Logo

Automatic download of linked images must be disallowed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17809 DTOO291 - PowerPoint SV-33603r1_rule ECSC-1 Medium
Description
When users insert images into PowerPoint presentations, they can select Link to File instead of Insert. If they do so, the image is represented by a link to a file on disk instead of being embedded in the presentation file itself. By default, when PowerPoint opens a presentation it does not display any linked images saved on a different computer unless the presentation itself is saved in a trusted location (as configured in the Trust Center). If this configuration is changed, PowerPoint will load any images that were saved in remote locations, which presents a security risk.
STIG Date
Microsoft PowerPoint 2010 2012-11-29

Details

Check Text ( C-34068r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security “Unblock automatic download of linked images” must be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\powerpoint\security

Criteria: If the value DownloadImages is REG_DWORD = 0, this is not a finding.

Fix Text (F-29745r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security “Unblock automatic download of linked images” to “Disabled”.