Office Security: Deployment Info for Office 2003 & 2007 File Validation

We recently posted on the Office File Validation (OFV) back port for Office 2003 and 2007.

In today’s post we’d like to continue the discussion of OFV by covering deployment-related aspects. The most common questions we are asked relate to the distribution plans and deployment best practices for the updates.

We should take a moment to explain the architecture of the solution so that we can best understand how these updates will be applied. The diagram below illustrates what I am describing in text.

Because existing Office installations have no awareness of the OFV component, the first thing we must do is update the existing installations so that they can be made aware of OFV. The upcoming release of OFV includes updates for WinWord.EXE, Excel.EXE, PowerPoint.EXE, MSPub.EXE (Publisher), and a core component named MSO.DLL. These updates are contained within the corresponding MSPs (MSI patches) per the diagram below, and each targets a specific version, 2003 or 2007. These MSPs will also contain additional updates for the respective applications, including security updates.

These MSPs (patches) can be deployed in any order, as the DLLs added by OFV.MSI are only activated when called by the corresponding updates to the core .EXEs. If you update the core EXEs without installing OFV, file open operations will continue to function in the same manner they do today. This design allows the updates to be deployed separately, if you wish to install and test the core application updates prior to enabling OFV on any system.

The File Validation definitions are installed by a new MSI, OFV.MSI. This MSI will lay down several new DLLs for your Office installation, corresponding to validation for specific formats. OFV.MSI targets Office 2003 SP3 and Office 2007 SP2. As we continue to test and update the binary format validators, it may be necessary to introduce updates or changes to the file validation definitions. In the event that definition updates are necessary, they will be delivered via a new MSP file (in future public updates).

OFV will be available from the Microsoft Download Center first. We will then make OFV available on Microsoft Update shortly thereafter. Much like we do with service pack releases, offering these updates as manual downloads first provides IT with an opportunity to test and deploy the changes on their own schedule. We will post an update to this blog as a notification to IT customers when OFV will be enabled for Microsoft Update / Automatic Updates, and we plan to post the update at least 60 days prior to the updates going live.

Next: Troubleshooting Binary Files that fail validation using the Microsoft Office Binary File Format Validator.

Thanks,

Modesto and The Office File Validation Backport team