Hardening Microsoft Office 2013
Download ACSC Protect Hardening Microsoft Office 2013 (300K PDF), updated March 2016
Workstations are often targeted by an adversary using malicious webpages, emails with malicious attachments and removable media with malicious content in an attempt to extract sensitive information. Hardening the operating environments of workstations is an important part of reducing this risk.
This document provides guidance on hardening Microsoft Office 2013 environments – specifically Microsoft Excel, Microsoft Outlook, Microsoft PowerPoint and Microsoft Word – to reduce the risk of an adversary gaining access to sensitive information. The names and locations of group policies used in this document are taken from Microsoft Office 2013; some slight differences may exist for earlier or later versions of Microsoft Office.
Before implementing recommendations in this document, thorough testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible.
This document is intended for information technology and information security professionals within organisations looking to undertake risk assessments or vulnerability assessments as well as those wishing to develop a hardened standard operating environment for workstations.
Table of contents
- High severity issues
- Microsoft Office version
- Microsoft Office patching
- Microsoft Office configuration
- Medium severity issues
- Trusted documents
- Office file validation
- Protected view
- Extension hardening
- File type blocking
- Hidden markup
- Low severity issues
- Reporting information
- Application stores
Australian government customers with questions regarding this advice can contact ASD Advice and Assistance.
Australian businesses and other private sector organisations seeking further information should contact CERT Australia.