Improve your Microsoft Office security with Office File Validation coming to Office 2003 and Office 2007


Hello, it’s my pleasure to announce to you the future
availability of the Office File Validation for Office 2003 and Office 2007.

What is Office File Validation you ask?  Office File
Validation is a security feature first introduced in Office 2010 (See David
Heise’s
blog

for more information).  Office File Validation was created to help prevent
unknown binary file format attacks against Microsoft Office 97-2003 file
formats.  What does this mean?  Whenever a user opens Microsoft
Office 97-2003 binary file (such as .doc) the file is compared to binary
schema.  If the file fails this validation the user is notified that the
document could be considered compromised.  In Office 2003 and Office 2007
the user will be prompted about the file status and can choose either to cancel
the file opening or to continue to open the file.  In Office 2010 the file
will automatically continue to open creating a seamless transition into the
Office 2010 Protected View.

In monitoring incoming security cases we’ve been testing the
cases against Office File Validation the results have been fantastic! 
Since the year 2007 over 80% of all Microsoft Office security cases would have
been caught by Office File Validation.  This is one of the reasons why
Microsoft decided to back-port Office File Validation for Office 2003 and
Office 2007.  While this is great news for Office 2003 and 2007, this
solution doesn’t match the benefits that Office 2010 brings to the table. 
With Protected View you can continue to view your document in a protected environment
along with improved File Blocking capability.

We will continue to provide more information in the coming months about deployment scenarios and the availability.

Comments (0)