Microsoft to boost Office 2003, 2007 security

Will backport suspicious file sniffer from Office 2010 in Q1 of 2011

Microsoft said on Tuesday that it would backport an Office 2010 security feature to the older and more widely used Office 2003 and Office 2007 early next year.

Dubbed Office File Validation (OVE), the technology validates older, pre-XML file formats for Word, Excel, PowerPoint and Publisher, then opens those that don't conform to the documented format -- rigged files containing an exploit, for example -- in a special "sandbox" within Office 2010 called Protected View.

That sandbox lets users view the contents of a document, but disables most editing functions to prevent malware that may be embedded in the file from executing.

OVE debuted in early builds of Office 2010, which launched last June.

Microsoft said on Tuesday that it would bring some parts of OVE to Office 2003 and Office 2007 in the first quarter of 2011.

"It will be an optional update for those platforms, but we'll make a big push to urge customers to download it," Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), told Computerworld on Tuesday.

As in Office 2010, OVE in Office 2003 and 2007 will examine Word, Excel, PowerPoint and Publisher documents saved in Office 97-2003 binary file formats. (Microsoft moved to XML-based document formats by default with Office 2007.)

See How to Deliver a Better PowerPoint Presentation

However, rather than opening suspicious files in a sandbox, which neither of the older suites have, OVE in Office 2003 and 2007 will trigger an alert that warns the user that the document could be dangerous.

Users can click through the warning to continue opening the file, Bryant said.

Microsoft decided to backport OVE to Office 2003 and 2007 after analyzing about four years' worth of data. The company said that more than 80% of all Office security cases would have been handled by OVE if it had been in place throughout the suite's versions.

File format vulnerabilities -- exploited by specially crafted documents -- have long plagued Office, and remain the top threat to users. On Tuesday, for example, Microsoft patched that could be used to hijack a PC with malformed files.

At some point, the Office team plans to issue "signatures" so OVE can detect newly-discovered file format vulnerabilities, then push the document into Protected View (in Office 2010) or warn the user (Office 2003, 2007).

Bryant declined to set a timeline for the updates, which would be analogous to the signature updates regularly provided for antivirus software -- but said they would definitely not go live when Office 2003 and 2007 receive the OVE upgrade next year.

"This won't happen in the foreseeable future, but when it does, the vast majority of Office vulnerabilities would be mitigated by technology like this," Bryant said.

Unfortunately, users of the even older Office XP won't receive the OVE update. That edition, which shipped in 2001, is even buggier than 2003 and 2007. Last October, for example, Microsoft patched 11 vulnerabilities in Office XP's Word 2002 , but had to issue fixes for only two of the same flaws for Office 2003 and just one each for Office 2007 and Office 2010.

Join the PC World newsletter!

Error: Please check your email address.

Tags App SecurityapplicationsMicrosoftsecuritysoftwareMalware and VulnerabilitiesOffice suites

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?