Microsoft Tool to Protect Office Files
Microsoft is readying a new file conversion tool for Office that is designed to strip out malicious code embedded in a document. The company says businesses will be safer from exploits in older file formats, and, in turn, Microsoft could see more upgrades to Office 2007.
The tool, dubbed Microsoft Office Isolated Conversion Environment, or MOICE, can be associated to the older file formats like those used in Office 2003. When the document is accessed, it is upconverted by MOICE and handed off to the new version of Office.
"The reason this process ends up stripping out exploits is that the older formats would do things like write offsets directly into the file, and in some cases would write pointer values right into the file. It seemed like a good idea back in 1995 or so, but isn't something we want to do now," explained MOICE developer David LeBlanc in a blog post.
Although Office 2007 already has built in security when it comes to converting older formats, LeBlanc says a number of improvements have been made. "All in all, the new code is going to be safer."
Businesses can simply install MOICE and apply a group policy that opts individuals into using it. However, there will be a slight performance penalty associated with the pre-processing. Macros and VBA projects will also be stripped out of the document, which could affect compatibility.
"Sure, it's a big app-compat hit, but this is a security feature," acknowledges LeBlanc. Because the tool runs in an "isolated environment," there is a much smaller risk of arbitrary code being run on a system. "What it boils down to is that even if you do get arbitrary code running in the converter, good luck getting it to do anything very useful."
Microsoft plans to make MOICE available in the near future, but the company did not offer a specific timeframe for release.