Microsoft launches last-ditch effort to protect Office

"File Block," enterprise IT staffers to declare specific Office file types that can or cannot be opened

Tacitly acknowledging that it cannot completely secure its Office suite against attackers, Microsoft Monday promoted a last-ditch defence that lets administrators block users from opening documents.

Prosaically dubbed "File Block," the feature allows enterprise IT staffers -- or a technically astute end user -- to declare the specific Office file types that can or cannot be opened by Word 2003/2007, Excel 2003/2007 and PowerPoint 2003/2007. File type restrictions are spelled out by editing the Windows registry or through Group Policy settings.

Microsoft pitched File Block as a way to keep individual users from doing the enterprise harm. "Blocking specific Office file types allows administrators to temporarily deny users the ability to open certain files, such as when a threat of attack from a given Office file type exists," the company said in a security advisory posted Monday.

Even if Office is religiously patched, Microsoft recognizes that attacks may be successful and sees File Block necessary as a stop-gap. "Threat[s] may occur even if your Office 2003 or 2007 Office software has been kept up-to-date, for example if a previously unknown new 'zero-day' vulnerability in Office is discovered and then used to attack users of Microsoft Office," read the advisory.

Attacks carried out via malicious Office documents climbed during 2006, and are continuing this year. Many of the attacks have been very tightly targeted, say security professionals, often one-on-one, with a single e-mail carrying an Office document attachment sent to just one recipient in a company or organization. Last month, MessageLabs noted that micro-managed attacks like these had increased ten times over last year. In April, 95 percent of such attacks used malformed Office documents as an exploit vector.

File Block functionality is built into Word, Excel, and PowerPoint 2007 -- although disabled by default -- and was added to the 2003 editions by updates unveiled two weeks ago as part of the regularly monthly security patch cycle. (Users can also manually download the Word 2003, Excel 2003, and PowerPoint 2003 updates from the Microsoft site.)

Security researchers urged users to consider activating the new feature. "File Block ability is a natural addition for most Office environments," said Symantec in a posting to its DeepSight threat management system customers today. "These new applications provide additional remediation and control over what is considered a significant threat to today's Office environments."

Also on Monday, Microsoft released MOICE (Microsoft Office Isolated Conversion Environment), the conversation tool announced earlier this month that converts Office 2003 format documents into the more secure Office 2007 formats to strip out possible exploit code.

MOICE converts files in an isolated, sandbox-style environment so that if the worst happens and an attacker tries to exploit and/or infiltrate the converter itself, the utility simply crashes in its protected cocoon without damaging the system or allowing rogue code to install. MOICE requires Office 2003 and the Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; the latter is a free add-on download.

Microsoft labeled MOICE, like the new File Block, a defense against imminent attacks or those already in play. "MOICE provides a mitigation that administrators and users can use to protect themselves when the threat of an attack from potentially unsafe Office 2003 binary documents exists," said Microsoft.

Symantec applauded MOICE -- with one caveat. "It has been reported that MOICE may add noticeable overhead when opening and converting Office files," the security company told customers. "However, for those who strive to ensure that received Office documents are safe to handle and do not contain malicious code these free tools are a highly suggested addition for your MS Office security arsenal." MOICE's performance overhead stems from its two-stage file conversion: the first from old 2003 format to the new 2007 format, then another from new back to old.

MOICE can be downloaded immediately by visiting Microsoft Update and installing the recommended update. It will also be pushed out to users in the next scheduled security update, June 12.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?