Details
If users choose to publish Excel data to a static Web page and enable the AutoRepublish feature, Excel saves a copy of the data to the Web page every time the user saves the workbook. If the page is on a Web server, anyone who has access to the page will be able to see the updated data after every save, which can lead to the undesired disclosure of sensitive or incorrect information.
By default, a message dialog box displays every time the user saves a published workbook when AutoRepublish is enabled. From this dialog box, the user can disable AutoRepublish temporarily or permanently, or select ‘Do not show this message again’ to prevent the dialog box from appearing after every save. If the user selects ‘Do not show this message again’, Excel will continue to automatically republish the data after every save without informing the user.
Solution
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2010 -> Excel Options -> Save ‘Disable AutoRepublish’ to ‘Enabled’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.
References
- 800-53|CM-6b.
- CAT|II
- CCI|CCI-000366
- Rule-ID|SV-33438r1_rule
- STIG-ID|DTOO140
- Vuln-ID|V-17652