STIGQter: STIG Summary: Microsoft PowerPoint 2010 STIG Version: 1 Release: 10 Benchmark Date: 27 Apr 2018:

Links that invoke instances of IE from within an Office product must be blocked.

DISA Rule

SV-33395r1_rule

Vulnerability Number

V-17184

Group Title

DTOO129 - Block Pop-Ups

Rule Version

DTOO129 - PowerPoint

Severity

CAT II

CCI(s)

CCI-001662 - The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified.

Weight

Fix Recommendation

Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” to “Enabled” and select ‘powerpnt.exe’ and ‘pptview.exe’.

Check Contents

The policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2010 (Machine) -> Security Settings -> IE Security “Block popups” must be “Enabled” and ‘powerpnt.exe’ and ‘pptview.exe’ are checked.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT

Criteria: If the value powerpnt.exe is REG_DWORD = 1, this is not a finding.

AND

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT

Criteria: If the value pptview.exe is REG_DWORD = 1, this is not a finding.

Links that invoke instances of IE from within an Office product must be blocked.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments