1.4.7.2.1.13 Ensure 'Dif and Sylk Files' is set to Enabled (Open/Save blocked, use open policy)

Information

This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. The recommended state for this setting is: Enabled. (Open/Save blocked, use open policy) DIF and SYLK are text-only file formats that are used to exchange data between different applications, such as Excel. If a vulnerability is discovered that affects these kinds of files, you can use this setting to protect your organization against attacks by temporarily preventing users from opening files in these formats until a security patch is available. By default, users can open DIF (.dif) and SYLK (.slk) files in Excel.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. User Configuration\Administrative Templates\Microsoft Excel 2016\Excel Options\Security\Trust Center\File Block Settings\Dif and Sylk Files Impact: Enabling this setting will prevent users from viewing or editing DIF and SYLK files in Excel. If your users must work with business-critical files of these types, enabling this setting could cause significant disruptions. Users who do not work with DIF or SYLK files will likely not be affected by this setting.

See Also

https://workbench.cisecurity.org/files/569

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2.

Plugin: Windows

Control ID: 9bc06299ad96b55da91d42a7170c6212f18c8f090d98e3cf1ec2618b5e4336ce