May 2007
Microsoft Security Advisory Notification: Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office (937696)
ID: 136
Ref: 078/2007
Date: 22 May 2007:14:37:38
Version: 1
Title: Microsoft Security Advisory Notification: Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office (937696)
Abstract: Release of the Microsoft Office Isolated Conversion Environment (MOICE) feature and the File Block functionality, designed to make it easier for customers to protect themselves from Office files that may contain malicious software.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Full advisory: http://www.microsoft.com/technet/security/advisory/937696.mspx
********************************************************************
Today we are announcing the availability of the Microsoft Office Isolated Conversion Environment (MOICE) feature and more widely notifying customers of the File Block functionality for Microsoft Office 2003 and the 2007 Microsoft Office system. Both features are designed to make it easier for customers to protect themselves from Office files that may contain malicious software, such as unsolicited Office files received from unknown or known sources. MOICE makes it easier by providing new security mitigation technologies designed to convert specific Microsoft Office file types, while File Block provides a mechanism that can control and block the opening of specific Microsoft Office file types.
The Microsoft Office Isolated Conversion Environment (MOICE) uses the 2007 Microsoft Office system converters to convert Office 2003 binary documents to the newer Office open XML format. The conversion process helps protect customers by converting the Office 2003 binary file format to the Office open XML format in an isolated environment. In summary, MOICE provides a mechanism for customers to pre-process potentially unsafe Office 2003 binary documents; by virtue of the conversion process, it provides customers with a greater degree of certainty that the document can be considered safe.
We encourage Microsoft Office customers to review the related Knowledge Base article and consider whether MOICE can help protect users in your IT environment. For more information about this release, see Microsoft Knowledge Base Article 935865 (http://support.microsoft.com/kb/935865).
We encourage Microsoft Office customers to review the related Knowledge Base articles and consider whether File Block can help protect users in your IT environment. For more information about this release, see Microsoft Knowledge Base Article 922849 (http://support.microsoft.com/kb/922849), Microsoft Knowledge Base Article 922848 (http://support.microsoft.com/kb/922848), and Microsoft Knowledge Base Article 922847 (http://support.microsoft.com/kb/922847).
When MOICE and File Block are used together they are an effective mitigation strategy for customers when the threat of attack using certain Office types exists. This enables customers to continue using Microsoft Office with a high degree of assurance that the files being opened are considered safe and will not infect users with malicious software.
Frequently Asked Questions
- What versions of Microsoft Office are associated with this advisory?
This advisory focuses upon Office 2003, the 2007 Office system, and the Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
- How does MOICE actually work to protect me?
MOICE works by converting Office 2003 binary format files to the newer 2007 Office open-XML format. During the conversion of an unsafe file, MOICE will fail to convert the file, create a safe version of the file, or the converter itself will crash; the mere process of conversion and achieving one of three possible outcomes is what protects customers. Additionally, the conversion process itself takes place in an isolated environment, so even if the unsafe Office file being converted contains exploit code it is extremely unlikely that exploit code would affect a user’s system.
- How does File Block actually work to protect me?
File Block works by making Excel 2003, PowerPoint 2003, and Word 2003, or Excel 2007, PowerPoint 2007, and Word 2007 check the FileOpenBlock subkey in the Windows registry before opening specific Office file types. If a user initiates a file open within Office, the Office software first checks the FileOpenBlock subkey. If the file type the user is opening is on the restricted list, it will be blocked; otherwise it is opened as normal.
- Do I have to install both MOICE and File Block together to successfully use the features?
No, the two technologies are independent of one another, but if required they can both be installed and/or enabled at the same time. However, Microsoft does strongly recommend using the two features in conjunction with one another to provide the highest level of protection when threats exist.
Disclaimer:
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
********************************************************************
______________________________________________________________________________
CPNI wishes to acknowledge the contributions of Microsoft for the information
contained in this advisory.
______________________________________________________________________________