funsec mailing list archives
A new security tool from Microsoft: Is it clever or whacky?
From: <rms () computerbytesman com>
Date: Mon, 28 May 2007 18:19:15 -0400
http://blogs.technet.com/msrc/archive/2007/05/22/two-advisories-on-non-secur ity-updates.aspx Tuesday, May 22, 2007 4:31 PM by MSRCTEAM More Information on MOICE and Restricting Opening or Saving Types of Files The MOICE tool works to help protect you from malicious Office documents by capturing the legacy file format associations and diverting file open requests to this new process. First, it converts the document to the new Office Open XML format. It then converts back to the legacy binary format before handing off to the regular Office application to open the document. As David discussed in detail, this conversion happens in an isolated, low-rights environment which helps protect against attempts to exploit the conversion. MOICE captures the file associations for the following file types: .doc (Word document) .xls (Excel spreadsheet) .xlt (Excel Template) .xla (Excel Addin) .ppt (Powerpoint document) .pot (Powerpoint Template .pps (PowerPoint slideshow) Because a malicious user could try to bypass this conversion by renaming his malicious evil.doc file to evil.rtf, its also important to block other file types not handled by MOICE that Office still opens. Thats where the restricting open and saving types of files comes in: to block RTF and other file types not in the list above. The combination of MOICE + restricting opening or saving types of files helps to ensure that all files in the legacy binary file format go through this isolated conversion process before regular Office operates on them. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- A new security tool from Microsoft: Is it clever or whacky? rms (May 28)
- Re: A new security tool from Microsoft: Is it clever or whacky? Michael Silk (May 28)
- Re: A new security tool from Microsoft: Is it clever or whacky? Dude VanWinkle (May 28)
- Re: A new security tool from Microsoft: Is it clever or whacky? Michael Silk (May 28)