Microsoft takes aim at malware with the newly available Microsoft Office Isolated Conversion Environment tool.
Microsoft officials have released a much-anticipated tool to help protect Office 2003 from malware attacks.
MOICE (Microsoft Office Isolated Conversion Environment) has gone live and is available for download.
The free tool converts files from Office 2003 to the new Office 2007 Open XML format in a bid to strip out the exploit from the file. Once the file has been cleansed of exploits, it can be opened as normal in Office 2003.
The conversions take place in an isolated sandbox environment so they can be done securely, Microsoft officials have said.
Click here to read more about malware threats in the enterprise.
"One of the things we noticed is that when we converted an exploit document to the new Office 2007 Metro format, it would either fail the conversion, emit a non-exploitable file or the converter itself would crash," Microsoft Senior Software Development Engineer David LeBlanc wrote in a blog post earlier this month. "Thus," he continued later, "if we could pre-process documents coming from untrusted sources from the older format to the new format, and then get an older version of Office to use its converter to read in the new file format, the customer is going to end up safer."
MOICE specifically targets Office 2003. However, people using older versions such as Office 2000 or Office XP can use a compatibility pack
that enables users to open, edit and save files in the Office 2007 format.
In an advisory, Microsoft officials stated customers could use MOICE with Office 2003 or 2007 to pre-process unsafe Office 2003 binary files and save them to the Office 2007 open XML format. That converted and saved file could then be opened by Office 2000 and Office XP users who have the Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats installed, according to the advisory.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.