Microsoft Office is all-but ubiquitous in the corporate world, as is its undoubted status as a major potential security headache. Despite its productivity benefits, its security risks come from two main areas: the seemingly endless series of patches needed to maintain its ever-growing code-base, and the relative ease with which users can use it to leak information and develop their own applications that go against corporate guidelines. While those problems can be mitigated to some extent, they are ongoing concerns for application-level security.
The next major release of the product, Office 2010, is due out at some point next year. However, the recent release of a technical preview means that it is now being subject to serious public scrutiny for the first time. (Unlike the recent Windows 7 release candidate, the technical preview isn't open to any member of the public, but has been restricted to an invitation-only group, although copies of varying stability have been widely distributed on peer-to-peer file sharing networks.)
In line with that broader visibility, Microsoft has also begun more actively discussing the feature set for the product. On the security front, the main enhancements were outlined in a recent blog post by Brad Albrecht, senior security product manager in the Office team.
Albrecht acknowledges that Office is now a major security problem: "Office has had the misfortune of becoming one of the next big targets for hackers to attack," he wrote. "They have been going after many of our file-format parsers and how we read Office files. They’re looking for ways to exploit bugs and to get their code running on your machine. We have done a lot of work to find and fix bugs, but we can’t find everything. We have to take a more proactive approach and build Office to be more resilient to attack."
The key element in that plan is what Albrecht describes as a new "security workflow", designed to proactively inspect documents during the file opening process. Microsoft has long provided on-screen warnings for file types viewed as risky. Those include the option of Reading View for documents opened from within email and the creation in Office 2007 of separate file formats for documents including macros, long deemed a major security problem in the software.
For the most part, that approach continues in Office 2010. For instance, the File Block feature introduced in 2007 will offer "a finer level of granularity" to allow users (or security managers) to ban specific file types. Similarly, the Office File Validation feature, which was used in Publisher 2007 to check if older format files were in the correct format, is being extended to the main products (Word, Excel and PowerPoint) in the Office suite.
One difference in the Office 2010 interface is that user dialogues around security have largely disappeared. Instead of refusing to open a file outright, a new "Protected View" mode will show the content of files deemed suspicious. The text will be ready only and opened in a separate sandbox, so that it can't damage your system. Users can choose to trust individual files, presuming that system-wide permissions have been set to allow that option.
"By tying all of these features together into a layered defence, any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state," Albrecht wrote.