The Microsoft Office 2010 security whitepaper, “Keeping Enterprise Data Safe with Office 2010” is currently available for download from the Microsoft Download Center.
This whitepaper highlights the new security features and enhancements introduced in Microsoft Office 2010 that help protect organizations from exploits targeting users who use Office applications in their daily work. The paper begins by describing the evolving threat landscape that drove the Office engineering team to make these improvements and how Office security has evolved through different versions. The paper then goes on to describe the three security goals that guided the Office development process, namely improving the Office security engineering processes, providing effective and easy-to-use protection technologies for Office users, and strengthening Office core security features and technologies. The Office defense-in-depth protection model is described next, after which key security technologies such as Office File Validation, Protected View and Trusted Documents are demonstrated in detail. The paper concludes by briefly examining other Office 2010 security improvements including Data Execution Prevention, ActiveX kill bit, password complexity requirements, and encryption and digital signature improvements.