funsec mailing list archives

A new security tool from Microsoft: Is it clever or whacky?


From: <rms () computerbytesman com>
Date: Mon, 28 May 2007 18:19:15 -0400

http://blogs.technet.com/msrc/archive/2007/05/22/two-advisories-on-non-security-updates.aspx

Tuesday, May 22, 2007 4:31 PM by MSRCTEAM 

More Information on MOICE and Restricting Opening or Saving Types of Files

The MOICE tool works to help protect you from malicious Office documents by
capturing the legacy file format associations and diverting file open
requests to this new process.  First, it converts the document to the new
Office Open XML format.  It then converts back to the legacy binary format
before handing off to the regular Office application to open the document. 
As David discussed in detail, this conversion happens in an isolated,
low-rights environment which helps protect against attempts to exploit the
conversion. 

MOICE captures the file associations for the following file types:

• .doc (Word document)
• .xls (Excel spreadsheet)
• .xlt (Excel Template)
• .xla (Excel Addin)
• .ppt (PowerPoint document)
• .pot (PowerPoint Template)
• .pps (PowerPoint slideshow)

Because a malicious user could try to bypass this conversion by renaming his
malicious evil.doc file to evil.rtf, it’s also important to block other file
types not handled by MOICE that Office still opens.  That’s where the
restricting open and saving types of files comes in: to block RTF and other
file types not in the list above.  The combination of MOICE + restricting
opening or saving types of files helps to ensure that all files in the
legacy binary file format go through this isolated conversion process before
regular Office operates on them.




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
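
The renaming gap described in the quoted post can be checked from the defender's side by comparing a file's leading bytes with its extension. The following is an added example, not part of the original post and not Microsoft's code; the verdict names and sample inputs are constructed for illustration, and only the OLE2 and RTF signatures are recognised.

```python
import os

# Extensions whose file associations MOICE captures, per the list in the post.
MOICE_EXTENSIONS = {".doc", ".xls", ".xlt", ".xla", ".ppt", ".pot", ".pps"}

# Well-known leading bytes: OLE2 compound file (the legacy binary Office
# container) and RTF.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
RTF_MAGIC = b"{\\rtf"


def sniff_format(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head.startswith(OLE2_MAGIC):
        return "legacy-binary"
    if head.startswith(RTF_MAGIC):
        return "rtf"
    return "other"


def triage(filename: str, head: bytes) -> str:
    """Report how a file relates to the MOICE + file-block combination.

    Verdicts (names are this example's own):
      converted        - legacy binary content under a captured extension
      renamed-bypass   - legacy binary content under an extension MOICE
                         does not capture (the evil.doc -> evil.rtf case)
      needs-file-block - RTF content, which the post says MOICE does not
                         handle and the open/save restriction must cover
      out-of-scope     - not a format this sketch recognises
    """
    ext = os.path.splitext(filename)[1].lower()
    fmt = sniff_format(head)
    if fmt == "legacy-binary":
        return "converted" if ext in MOICE_EXTENSIONS else "renamed-bypass"
    if fmt == "rtf":
        return "needs-file-block"
    return "out-of-scope"


# Constructed sample inputs: only the first bytes of each file matter here.
SAMPLES = [
    ("report.doc", OLE2_MAGIC + b"\x00" * 8),
    ("evil.rtf", OLE2_MAGIC + b"\x00" * 8),
    ("letter.rtf", b"{\\rtf1\\ansi hello}"),
    ("notes.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:12} {triage(name, head)}")
```
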

