UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Word 6.0 binary documents and templates must be configured for block open/save actions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26656 DTOO336 SV-53593r1_rule ECSC-1 Medium
Description
This setting specifies whether users can open, view, edit, or save Word files saved in the specified format. Enabling block of the specified format mitigates zero-day security attacks (which are attacks that occur during between the time that a vulnerability becomes publicly known and a software update or service pack is available) by temporarily preventing users from opening specific types of files and to prevent a user from opening files that have been saved in earlier and pre-release (beta) Microsoft Office formats.
STIG Date
Microsoft Word 2013 STIG 2014-01-06

Details

Check Text ( C-47739r1_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2013 -> Word Options -> Security -> Trust Center -> File Block Settings "Word 6.0 binary documents and templates" is set to "Enabled: Open/Save blocked, use open policy".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\15.0\word\security\fileblock

Criteria: If the value Word60Files is REG_DWORD = 2, this is not a finding.
Fix Text (F-46518r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2013 -> Word Options -> Security -> Trust Center -> File Block Settings "Word 6.0 binary documents and templates" to "Enabled: Open/Save blocked, use open policy".