Microsoft Releases Tools To Stave Off Bad Office Files
Microsoft released two tools on April 21, 2007. The tools help safeguard computers against the malevolent software code contained by Office 2003 files.
Both the tools help combat "zero day" attacks that exploit the flaws prior to Microsoft's release of a patch. Such attacks have turned out to be more prevalent during the recent months, since attackers seek holes in the "Office" so that they can penetrate the corporate networks.
The 1st tool called MOICE (MS Office Isolated Conversion Environment) tackles the nasty code included in Office files in a secluded environment. It does so to avoid the execution of the code on the PC. This program came up from Office 2007's development.
David LeBlanc, Security Expert for Microsoft, said, "There's a possibility that something may make it from end to end, but we have not observed any of those so far." Onestopclick published this on May 22, 2007.
Another tool, File Block Functionality for MS Office 2003 & the 2007 MS Office system, provides the system administrators with the ability of defining which file-types the user may and may not open. The administrators can therefore choose to block certain files as a specific threat comes in to picture, said Microsoft. Computerworlduk published this on May 22, 2007.
Microsoft believes that the combination of the two tools will definitely help in reducing Office "zero day" attacks' prevalence as well as severity.
Microsoft's advisory has concluded, "When used together the two tools offer a powerful mitigation strategy for the consumers, when there exists a threat to use certain Office versions. This allows customers to carry on using the MS Office with confidence that the files he/she opens are safe and won't infect his/her computer with malevolent software." Entmag published this on May 22, 2007.
Symantec - the security firm - applauded MOICE, however warned, "It's reported that MOICE might add significant overhead while opening & converting the Office files." But those striving to make sure that the received Office files don't contain any malicious code, must include these free tools in to their MS Office security-arsenal, said the firm. PCworld.idg published this on May 23, 2007.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 31-05-2007