Microsoft
is recommending that its users adopt
two new security features in its Office suite to protect
themselves from malicious Office documents.
Redmond has announced the
availability of the Microsoft Office Isolated Conversion
Environment (Moice) feature and is pushing the recently released
File Block update for
Microsoft Office 2003 and the 2007 Microsoft Office system.
Both features are
designed to make it easier for administrators and individual users
to protect themselves from Office files that may contain malicious
software, such as unsolicited Office files received from unknown or
known sources.
Moice makes it
easier by providing new security mitigation technologies designed
to convert specific Microsoft Office files types, while File Block
provides a mechanism that can control and block the opening of
specific Microsoft Office file types.
Moice uses the 2007 Microsoft Office
system converters to convert Office 2003 binary documents to the
newer
Office open XML format. The conversion process helps protect
customers by converting the Office 2003 binary file format to the
Office open XML format in an isolated environment.
Moice provides a
mechanism for customers to pre-process potentially unsafe Office
2003 binary documents. The conversion process provides customers
with a greater degree of certainty that the document can be
considered safe.
The File Block functionality for
Microsoft Office 2003 and the 2007 Microsoft Office system allows
administrators to restrict via registry and group policy specific
Office file types that can or cannot be opened when using
Microsoft Word,
Powerpoint, and
Microsoft Excel.
Blocking specific
Office file types allows administrators to temporarily deny users
the ability to open certain files, such as when a threat of attack
from a given Office file type exists, said Microsoft, particularly
when there is no patch available for the threat.
Microsoft said,
“When Moice and File Block are used together they are an effective
mitigation strategy for customers when the threat of attack using
certain Office types exists.
“This enables
customers to continue using Microsoft Office with a high degree of
assurance that the files being opened are considered safe and will
not infect users with malicious software.”
Microsoft should scrap Patch Tuesday >>
View the Microsoft advisory on the two security features
>>
Comment on this
article:
computer.weekly@rbi.co.uk