On TV.com: TOP 10 Shows CANCELED Too Soon
BNET Business Network:
BNET
TechRepublic
ZDNet

May 21st, 2007

Microsoft releases Office exploit isolation tool

Posted by Ryan Naraine @ 3:53 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Microsoft Office, Microsoft Corp., Tool, Ryan Naraine

Microsoft has released a file conversion tool that stops exploits rigged into .doc, .xls and .ppt files from infecting Office 2003 users.Microsoft Office 2007

The tool, called MOICE (Microsoft Office Isolated Conversion Environment), can be used in tandem with Group Policy settings to convert documents in legacy (.doc) formats to OpenXML formats, stripping out potentially harmful elements that could pose a potential security risk.

The conversion process takes place in a safe, quarantined sandbox environment, so the user’s computer is fully protected. (See previous blog entry on the MOICE plans).

The tool, available here as a free download, currently supports the .doc, .ppt, .pot, .pps, .xls, .xlt and .xla file formats.

According to a KB article accompanying the MOICE release, the tool requires that Office 2003 or Office 2007 is installed along with the Compatibility Pack for Word, Excel and PowerPoint 2007 file formats.

Microsoft has already released a security advisory with additional details.

ALSO SEE: Statistics from MessageLabs on targeted attacks using Microsoft Office exploits, including speculation that an Office exploit generator kit may be in circulation online.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 7 Talkback(s)
Did I?
1) MS just wasted Billion of dollars developing Vi$$$ta and Office 2007

2) MS wants you to BUY these POS pieces of shite.

3) Ergo, "All Office Previous to Office 2007 has some kind of se... (Read the rest)
Posted by: XweAponX Posted on: 06/01/07 You are currently: a Guest | | Terms of Use
Thanks, but they can keep it. [NT]  jacarter3 | 05/22/07
I have a better idea.  fde101 | 05/22/07
This sounds good  ejhonda | 05/22/07
Safer place?  KTLA | 05/22/07
This is just another Microsoft SCAM  XweAponX | 05/22/07
Nice rant - too bad you missed the point  ejhonda | 05/22/07
Did I?  XweAponX | 06/01/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More