Subscribe to Windows IT Pro

 

Get Newsletters

  • Get the Latest News
  • Product Updates
  • Helpful Tricks
  • Productivity Tips

Subscribe Now!

May 22, 2007 12:00 AM

Microsoft Ships Office Security Tools

Paul Thurrott
Windows IT Pro
InstantDoc ID #96118
Rating: (6)

Microsoft this week shipped two tools for Microsoft Office 2007 and Office 2003 users aimed at protecting users of those products from so-called "zero-day" electronic attacks. The tools convert Office documents into Open XML formats and allow administrators to block particular Office file types, respectively.

"Both features are designed to make it easier for customers to protect themselves from Office files that may contain malicious software, such as unsolicited Office files received from unknown or known sources," a Microsoft security advisory announcing the availability of the tools reads. "When used together they are an effective mitigation strategy for customers when the threat of attack using certain Office types exists. This enables customers to continue using Microsoft Office with a high degree of assurance that the files being opened are considered safe and will not infect users with malicious software."

The first tool, the Microsoft Office Isolated Conversion Environment (MOICE), uses the file type converters that first debuted in Office 2007 to convert Office 2007 and Office 2003 binary documents to the new Open XML file formats in an isolated environment, Microsoft says. In this way, potentially unsafe Office documents can be converted into safe XML-based documents that can't succumb to the various electronic attacks currently targeting binary documents.

The second tool, the File Block Functionality for Microsoft Office, allows administrators to restrict which file types that Microsoft Excel, PowerPoint and Word 2007 and 2003 can open using registry settings or Group Policy. This gives corporate environments a quick way to shut down access to potentially dangerous Office binary file types in the event of an emerging electronic attack.

Although these tools are certainly welcome, I'm curious whether Microsoft will use the recent spate of Office document attacks as a new rationale for moving its customers over to the new Open XML document formats it introduced with Office 2007. Because these XML-based formats are immune to the vulnerabilities that afflict the older Office formats, customers suddenly have another reason to migrate to Microsoft's latest Office version.

Related Content:

ARTICLE TOOLS


Want to use this article? Click here for options!

Comments
Add A Comment
  • Will
    5 years ago
    May 24, 2007

    "Vista will BSOD if a rootkit tries to take over the system. "

    BSOD is acceptable. That is a system trap that prevents any further execution period, even at the highest privileges.

    Depending on how the operating system is written, a 'crash' could be used to find memory references to insert malicious code with elevated privileges. I'm not saying this is possible in Vista, I personally doubt it, but on a more basic OS, see 'back in the day', this is how people would do it.

    In any case, yes crashes tell you something, but where this information goes should not be to the user. Unstable program activity is never a 'good thing'. Even a malformed input file should not cause instability.

    Why do you think even the most fundamental and age-old parsing functions return an integer? Because you always want to know why unexpected results happen so you can encode the behavior into your application.

    Yes it is hard to catch _every_ situation, that's why you include baseline _stable_ default functionality that is the reaction to every case, that way even if you forget something, stability is not sacrificed and graceful degradation can be achieved for debugging purposes later.

    Welcome to system programming 101. Your professor will be Mr. Common Sense.

  • Bryan
    5 years ago
    May 24, 2007

    Nate:

    Oh, yea, I absolutely realize that bad code causes crashes. You're talking to someone who has brought quite a few browsers to their knees with bad Javascript. ;)

    I can certainly understand how malicious code could cause a crash. I'm just pointing out that it's funny that the article would call that outcome "successful." It's kind of like NASA crashing the Mars rover into the planet because they forgot to convert feet to meters and then saying, "Well, we got to Mars, didn't we? Get off our back about it!"

  • Nathan
    5 years ago
    May 24, 2007

    @bdk

    Vista will BSOD if a rootkit tries to take over the system.

    Crashes are not always a *bad* thing. If you ever have tried to write an app, you will soon discover, *especially* with importing/exporting files, that anticipating *every* *single* condition is virtually impossible.

    Now what would be funny is if a malformed Office file could take control of your computer via the converter...

  • Joe
    5 years ago
    May 24, 2007

    "Only at Microsoft is "the converter itself will crash" considered a successful outcome."

    that would mean the original file isn't valid, so yes, it protects customers. i'd say that if the convertor crashes, you'd have more important things to worry about than, well, the convertor crashing.

    isn't that what happens to any binary data parser without preprogrammed error codes anyway?

    (try programming sometime)

    XP

  • Bryan
    5 years ago
    May 23, 2007

    I love this:

    "During the conversion of an unsafe file, MOICE will fail to convert the file, create a safe version of the file, or the converter itself will crash," an advisory on Microsoft's site reads. "The mere process of conversion and achieving one of three possible outcomes is what protects customers."


    Only at Microsoft is "the converter itself will crash" considered a successful outcome.


    The quote is from the MS article at this location:
    http://support.microsoft.com/kb/935865

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

White Papers

Get your Windows 7 deployment off to the right start by implementing PC lockdown. A locked-down environment is easier and cheaper to support since users are less likely to make unnecessary changes to the core system configuration - read more here!

Essential Guides

Is your iSCSI "lossy"? The reality is that most off-the-shelf Ethernet hardware deployed for iSCSI can lose packets, resulting in slow performance or application downtime. Learn how to assess your current iSCSI infrastructure and engineer an advanced iSCSI SAN infrastructure.

Web Seminars

What's the best way to keep your network safe from malware? In this web seminar, security expert Greg Shields suggests an alternative method to the traditional blacklisting approach that is common with anti-virus and anti-malware solutions.

eLearning Series

We bring the experts direct to you to share their real-world perspective and expertise. During each event, three sessions stream in real time, so you can learn, ask questions, and get solutions.
Upcoming event: Getting the Most with Exchange 2010 with Paul Robichaux

Subscribe to Windows IT Pro!

Cloud IT Pro DevProConnections Left-Brain Mobile Dev Pro SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.