funsec mailing list archives
Re: A new security tool from Microsoft: Is it clever or whacky?
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 29 May 2007 00:53:30 -0400
On 5/28/07, Michael Silk <michaelslists () gmail com> wrote:
On 5/29/07, rms () computerbytesman com <rms () computerbytesman com> wrote: > http://blogs.technet.com/msrc/archive/2007/05/22/two-advisories-on-non-secur > ity-updates.aspx > > Tuesday, May 22, 2007 4:31 PM by MSRCTEAM > > More Information on MOICE and Restricting Opening or Saving Types of Files > > The MOICE tool works to help protect you from malicious Office documents by > capturing the legacy file format associations and diverting file open > requests to this new process. First, it converts the document to the new > Office Open XML format. It then converts back to the legacy binary format > before handing off to the regular Office application to open the document. gee, what could _possibly_ go wrong here. > As David discussed in detail, this conversion happens in an isolated, > low-rights environment which helps protect against attempts to exploit the > conversion. how is this achieved?
durr, mebe read the thread on this earlier in funsec, or the link to research.ms...
> MOICE captures the file associations for the following file types: > > • .doc (Word document) > • .xls (Excel spreadsheet) > • .xlt (Excel Template) > • .xla (Excel Addin) > • .ppt (Powerpoint document) > • .pot (Powerpoint Template > • .pps (PowerPoint slideshow) what about .dot? i agree; this does seem rather wacky and strange. "our regular word parser isn't secure, lets make a new one, that converts twice, and make THAT secure" .... seems a little weird to me.
well when you program in code, sometime your exploits dont port forward. These guys discovered if you port 2003/200 code to office 2007 code, none of the exploits translate (and even if they did, how would you get around Stack Cookies, SafeSEH and DEP (excluding starforce ;-), and decided to release this as a tool.. IMO MS has stepped up and is doing an awesome job.. -JP<mailing lists byte computerman, fer once> _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- A new security tool from Microsoft: Is it clever or whacky? rms (May 28)
- Re: A new security tool from Microsoft: Is it clever or whacky? Michael Silk (May 28)
- Re: A new security tool from Microsoft: Is it clever or whacky? Dude VanWinkle (May 28)
- Re: A new security tool from Microsoft: Is it clever or whacky? Michael Silk (May 28)