Office 2010 Takes Aim at Malware Threats

Microsoft described a security feature in Office 2010 designed to block malware associated with older Office binary file formats.

The feature, called "Office file validation," checks whether a binary file used by Office applications such as Word, PowerPoint and Excel (with .DOC, .PPT and .XLS extensions) is a trusted document or is stored in a trusted location. If not, the file will be placed in a sandbox, or "protected view," which will limit the file's access to system resources, according to David B. Heise, a member of Microsoft's Office security team, in a Wednesday blog post.

The validation feature was first introduced in Microsoft Publisher 2007 to check .PUB files, Heise explained. It will take longer to open binary files in Office 2010 because of the validation process, but the delay will be barely perceptible. Heise said in the blog that "most files validate in the 1 to 100 milliseconds range."

The new Office file validation feature extends concepts from an earlier Microsoft security tool called "MOICE," or Microsoft Office Isolated Conversion Environment, according to Wolfgang Kandek, CTO of Qualys.

"Office documents received by e-mail or downloaded through the Internet are opened in a protected environment, a 'sandbox,' and if the document attempts to modify the underlying operating system, it is blocked by the sandbox," Kandek explained in an e-mail. "If the user wants to edit and save the document, he has to press an 'enable editing' button to retrieve the document from the sandbox."

IT pros might feel nervous about letting users edit such sandboxed documents, an option that can be enabled through Office 2010's "backstage view." Heise explained that Microsoft provides group policy settings in Office 2010 to turn off that option.

In general, client-side attacks leveraging binary files represent a growing security concern these days, according to Tyler Reguly, senior security engineer at nCircle.

"The whole genre of client-side attacks is coming to the forefront, especially when you are talking about Office," Reguly said. "So those older documents, like Office 97 to Office 2003 formats -- before they got into the new Office 2007 format -- they really are one of the primary target points right now."

Office 2010, which was released last month as a beta, relies on Microsoft's newer Open XML file format that first appeared in Office 2007. In general, there has been a decrease in security vulnerabilities associated with Open XML document formats, according to Reguly.

Despite the new security checks in Office 2010, users still need to run antimalware at the gateway and the desktop, according to Reguly.

"You need to be scanning your e-mail -- there are too many threats coming in," Reguly said. "While this [Office file validation] is going to help and reduce the problems, it's not a be-all and end-all. It's one more layer in that onion of security."

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

