DTOO406 – The ability to automatically hyperlink screenshots within Word, PowerPoint, Excel and Outlook must be disabled.

Details

The ability to automatically bind hyperlink to a screenshot inserted through the Insert Screenshot tool introduces the possibility of a malicious URL or website being imbedded in the Word, PowerPoint, Excel or Outlook document. Disabling the hyperlink in those screenshots will ensure users do not have the ability to directly open the hyperlinks.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Miscellaneous -> ‘Do not automatically hyperlink screenshots’ to ‘Enabled’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_OfficeSystem_2013_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

800-53|CM-7a.
CAT|II
CCI|CCI-000381
Rule-ID|SV-228536r508020_rule
STIG-ID|DTOO406
STIG-Legacy|SV-53195
STIG-Legacy|V-40863
Vuln-ID|V-228536

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles