Microsoft announces Office security initiative

Posted by Mark Raby

Redmond (WA) - Following recent security issues with its Office suite, Microsoft has announced a move to provide tighter restrictions to cut back on widespread zero-day attacks.

Microsoft is calling the first new security tool Microsoft Office Isolated Conversion Environment (MOICE).  This update adds additional checks when users of an older version of Office open up a 2007 format document.  Previously, it was fairly easy for users to implement malicious code in, for example, a Microsoft Excel 2007 document and attack users who opened it with Excel 2003.

Users must install the update, but according to Heise Security, it also causes other compatibility issues.  All macros are automatically disabled when converted with MOICE, and by default files than take longer tha 45 seconds to convert will be blocked.  A couple minor PowerPoint issues are also affected by MOICE.

Another update applies only to Office 2003 and Office 2007, which allows computer administrators to restrict access to specific Office file extensions.  For example, if a security issue arises with Microsoft Word, an administrator can prevent users from opening potentially vulnerable Word files.