1.8.7.2.1.2 Ensure 'Word 2 and Earlier Binary Documents and Templates' is set to Enabled (Open/Save blocked, use open policy)

Information

This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, you can specify whether users can open, view, edit, or save files. The options that can be selected are below. Note: Not all options may be available for this policy setting. - Do not block: The file type will not be blocked. - Save blocked: Saving of the file type will be blocked. - Open/Save blocked, use open policy: Both opening and saving of the file type will be blocked. The file will open based on the policy setting configured in the 'default file block behavior' key. - Block: Both opening and saving of the file type will be blocked, and the file will not open. - Open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit the file type will not be enabled. - Allow editing and open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit will be enabled. If you disable or do not configure this policy setting, the file type will be blocked. The recommended state for this setting is: Enabled. (Open/Save blocked, use open policy) By default, users can open, view, or edit this type of document in Word. This could allow malicious code to become active on user computers or the network.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Word 2016\Word Options\Security\Trust Center\File Block Settings\Word 2 and Earlier Binary Documents and Templates Impact: If your users require open, save, or view ability and you block some or all of these abilities, you could affect the productivity of your organization.

See Also

https://workbench.cisecurity.org/files/557

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2.

Plugin: Windows

Control ID: 18d41c2d9c1cc76fe5bc4922979bdf79eaf685315d6ff79ed068b30e3272ae7d