← Back to Microsoft Excel 2016 Security Technical Implementation Guide

V-238193

CAT II (Medium)

Corrupt workbook options must be disallowed.

Rule ID

SV-238193r961086_rule

STIG

Microsoft Excel 2016 Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-001662

Discussion

This policy setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair operation when users choose to open a corrupt workbook in repair or extract mode. If you enable this policy setting, Excel opens the file using the Safe Load process and does not prompt users to choose between repairing or extracting data. If you disable or do not configure this policy setting, Excel prompts the user to select either to repair or to extract data, and to select either to convert to values or to recover formulas.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key: 

HKCU\software\policies\Microsoft\office\16.0\excel\options 

Criteria: If the value extractdatadisableui is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" to "Enabled".