2.11.8.7.2.1.2 Ensure 'Word 2 and earlier binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy'

Information

This policy setting determines whether users can open, view, edit, or save Word 2 and earlier binary documents and templates.

By choosing the Open/Save blocked, use open policy, both the opening and saving of the file type will be blocked. The file will open based on the policy setting configured in the default file block behavior key.

The recommended state for this setting is: Enabled: Open/Save blocked, use open policy.

Rationale:

By default, users can open, view, or edit this type of document in Word. This could allow malicious code to become active on a user computer or the network.

Impact:

Word 2 and earlier binary documents and templates will not open in Microsoft Word.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Open/Save blocked, use open policy.

User Configuration\Administrative Templates\Microsoft Word 2016\Word Options\Security\Trust Center\File Block Settings\Word 2 and Earlier Binary Documents and Templates

Default Value:

Disabled. (The file type will be blocked.)

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2.

Plugin: Windows

Control ID: 7b65a23f639d80fde359743f3eab662bbe88dfcc6e32e742d85dcb3e3e3dd420