Security Tool Scrubs Office Files

A new command-line utility can scrub many security vulnerabilities from Office files. The Microsoft Office Isolated Conversion Environment (MOICE) utility runs on desktops and can eliminate many features of older Office binary formats that have been exploited by recent “zero-day” attacks-attacks that take advantage of previously unknown vulnerabilities. However, the utility does not preserve all data in the files that it processes, so it will mainly serve very security-sensitive environments.

Office 2007 Conversion Reduces Risk

The utility works by converting files to the Office 2007 XML-based formats, a process that eliminates macros as well other binary format features (such as embedded memory pointers) that have been exploited by attackers. The utility runs with very low privileges (hence, “isolated”) so that files that compromise the utility itself are unlikely to damage the user’s computer.

Using Group Policy, administrators set up MOICE so it automatically processes any binary Office file that a user opens. Administrators register the utility as the default application for binary Office formats on every computer, and have the utility automatically run Office to open each Office 2007 file that it produces. On computers that run Office 2003 rather than Office 2007, administrators can install the Compatibility Pack patch, which enables Office 2003 to open files in Office 2007 formats.