Volume 4, Number 20 -- May 23, 2007

Microsoft Boosts Office Security with New Tools

Published: May 23, 2007

by Alex Woodie

Microsoft yesterday quietly announced a pair of new tools designed to protect Office 2003 and Office 2007 from zero-day exploits. The new products, unveiled on the company's TechNet security Web site, protect users by converting older Office formats into the new Open XML format that Microsoft is now pushing. Because Open XML is so new, there are few known vulnerabilities in it, providing users a window of protection. But the big question is: How long will it last?

Microsoft announced the new tools, including the Microsoft Office Isolated Conversion Environment (MOICE) feature and File Block, with Microsoft Security Advisory (937696)--a notification mechanism usually reserved for warning Microsoft customers about newly discovered security holes.

Microsoft says both new tools should make it easier for users to protect themselves from malicious Office files, such as those received via e-mail. Vulnerabilities in Office formats such as Word, Excel, and PowerPoint are a favorite avenue of attack for malicious software writers looking to infect Windows computers.

MOICE provides protection by converting Office 2003 documents to the new Open XML format that Microsoft introduced with Office 2007. In short, MOICE works as a "pre-processor" for potentially unsafe Office documents, and should give users greater confidence in opening Office documents, according to Microsoft. (Office 2007 users who adopt the new Open XML format would already be protected from vulnerabilities in older Office file formats. Many Office 2007 users, it would seem, continue to work with Office 2003 binary documents instead of the new Open XML format, which appears to be why Microsoft made the new tool available for Office 2007 users, too.)

Meanwhile, the new File Block capability provides a mechanism that administrators can use to control and block the opening of specific Microsoft Office file types. The vendor says the tool allows administrators to restrict, via registry and Active Directory Group Policy, specific Word, PowerPoint, and Excel formats. Microsoft indicates it expects File Block to be employed when the threat of attack from specific Office file types is high--such as when zero-day attacks exploiting a newly discovered vulnerability have been discovered, and Microsoft has not had time to patch the flaw.

There has been a rash of zero-day exploits discovered in Office products over the last year. According to eEye Digital Security's Zero-Day Tracker, there is currently only 1 un-patched flaw in an Office product--the Microsoft Office 2003 PPT Local Denial of Service flaw. But over the last 12 months, there have been 11 zero-day flaws discovered in Word, Excel, and PowerPoint products, and it took Microsoft an average of 49.7 days to fix them.

So far, Office 2007 has stayed relatively intact, security-wise. The only flaw affecting Office 2007 at this point appears to be the Drawing Object Vulnerability, which Microsoft fixed earlier this month with Microsoft Security Bulletin MS07-025. The remote execution vulnerability afflicted every version of Office going back to Office 2000, but it was deemed only an "important" flaw on Office 2007, compared to a "critical" flaw on more recent versions, including Office 2007.

However, if history is any lesson, malicious software writers will undoubtedly find flaws in Office 2007 and the new Open XML file formats as the products gain more usage, which could render the protection afforded by MOICE and File Block a moot point. But as long as Open XML adoption remains relatively low, it should provide an element of additional protection.

MOICE and the File Block tools work independently, but Microsoft recommends combining them to get the maximum benefit. The new tools do not work directly with Office 2000 and Office XP. However, files that have been converted using MOICE could be opened on these versions of Office if the user has the Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats installed, Microsoft says.

For more information on MOICE and File Block, see Microsoft Security Advisory (937696) at www.microsoft.com/technet/security/advisory/937696.mspx. To download MOICE, go to Knowledge Base article 935865.

File Block is enabled by default on Office 2007. Office 2003 users must independently download and configure the File Block functionality. For instructions on how to enable File Block for PowerPoint 2003, Excel 2003, and Word 2003, visit these Microsoft Knowledge Base Articles, respectively: 922847, 922848, and 922849.


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
