Microsoft Backs Down over Office 2003 SP3 File Blocking

By Peter Galli  |  Posted 2008-01-04 Print this article Print

Responding to complaints from Corel, Microsoft says users will soon be able to unblock and reblock files.

Microsoft will provide a new and easy way for customers to unblock the files that were shut off by default when they installed Office 2003 Service Pack 3. The software maker also confirmed to eWEEK Jan. 4 that all the same files are blocked by Office 2007, which was released a year ago, and that the company had erred when it stated that the file formats themselves were less secure, which is not the case. Rather, it is the parsing code that Office 2003 uses to open and save the file types which is less secure, Reed Shaffner, a product manager for Microsoft Office, told eWEEK on Jan. 4.
Microsoft released SP3 in September 2007, along with a white paper listing the files that it blocked for being "less secure," which included many of its own legacy files for Word, Excel and PowerPoint, as well as CorelDraw's .cdr files.
Microsoft also released a Knowledge Base article that detailed how customers could unblock these files by changing the registry, a complex and time-consuming process. But Microsoft is now giving customers an easier way to unblock and reblock these files. "The way this will work is that there will be a separate unblocker for each application, so there will be one for Word, another for Excel and one for PowerPoint. It's also an all-or-nothing scenario, so if you use the one for Word it will unblock every file type that was blocked before," Shaffner said.

Microsoft is taking heat for its Office 2003 SP3 file format blocking move. Click here to read more. As Microsoft had mistakenly said it was the file formats themselves that were less secure, rather than the parsing code, the company has updated the Knowledge Base article with more accurate information that corrected the error, he said. The new article also includes links to code customers can download to easily block and reblock these files. But Microsoft is warning customers that doing so may increase their security risk and make their computers or networks more vulnerable to attack by malicious users or software such as viruses. "We made a mistake, as it is the parsing code and not Corel's file format that is less secure, and we are doing everything we can to let people know that and to give them easy access to those files if they want or need it," Shaffner said. "When you look at the code that was written to parse these files some 20 years ago, the types of exploits and attacks that we see today did not exist. So the code that does the parsing is susceptible to attack and is the part that is actually vulnerable," he said. But Microsoft stands by its earlier guidance to customers that Office 2003 SP3 offers a lot of security enhancements and includes a lot of the benefits of Office 2007 for customers, Shaffner said.

Click here to read more about Office 2003 SP3. Rob Helm, an analyst with Directions on Microsoft, agreed, saying the blocking move shows more fear than malice on Microsoft's part, especially given that it has been "getting hammered by attacks on Office. Shutting down import/export filters by default is a cheap way to close off further potential avenues of attack," Helm told eWEEK. Corel, whose .cdr files were the only non-Microsoft file format blocked by SP3, was forced to issue a statement saying that customers could still use the CorelDraw Graphics Suite normally on systems on which Microsoft Office 2003 SP3 had been installed, and that. CDR files could still be opened from within CorelDraw or from Windows Explorer. Gerard Metrailler, Corel's director of graphics product management, said in a blog post Jan. 3 that the blocking only seemed to appear with embedded CorelDraw documents inside a Microsoft Office 2003 document through OLE (Object Linking and Embedding, a technology developed by Microsoft that allows embedding and linking to documents and other objects). While Shaffner said he did not know if Microsoft had specifically contacted Corel about the blocking move, he admitted the company did not handle the matter well. "To be perfectly candid, we could have done a better job giving Corel a heads-up, and we talked to its head of product management today," Shaffner said. Check out's Windows Center for Microsoft and Windows news, views and analysis.

Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel