Microsoft is making the third service pack for Office 2003 available for free download Sept. 18, which the company says strengthens the products defenses against malicious software.
“While SP3 will be available as a free download on Sept. 18, customers will also begin to get notified of its availability via Microsofts AutoUpdate over the next few weeks,” a Microsoft spokesperson told eWEEK.
The service pack can be downloaded here.
“Microsoft Office 2003 Service Pack 3 is the culmination of several years of improvements to the product suite … It makes it easier to work with the Windows Vista operating system, exchange files with people who use the 2007 Microsoft Office system, and interact with servers in the 2007 release. SP3 also minimizes the issues that previously caused distractions,” a white paper released along with the service pack says.
SP3 also enhances security by including recent, individually released patches. It includes new features and tools—such as MOICE (Microsoft Office Isolated Conversion Environment) and File Block—which were developed as part of the 2007 Microsoft Office system.
These two security tools, released separately earlier this year, reduce the threat of malware concealed within Microsoft Office documents, the paper says.
MOICE allows users to open Microsoft Office documents from unknown senders with relative safety. It uses the converters in the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 file formats to convert binary format files into the newer Office Open XML format, it says.
Whats so hard to understand about MOICE? Click here to read more.
“The conversion process removes malicious content within corrupted or tampered documents and has successfully remedied all issues to date. MOICE conducts these cleansings in a restricted process, thereby protecting the underlying system in the event that any code tries to execute during the conversion process,” the paper says.
File Block complements MOICE by allowing IT administrators to temporarily prevent certain file formats from opening through registry or group policy. This provides companies with the flexibility needed to quickly respond to evolving threats without unduly limiting productivity, the paper says.
For businesses, the service pack is a crucial update that addresses security issues around legacy file formats and add-ins using the Microsoft COM (component object model) and privacy concerns regarding hidden metadata.
But while Microsoft, of Redmond, Wash., has rigorously tested Office 2003 SP3 with major business software packages, including third-party products from Hyperion and SAP, and identified no major compatibility issues, there are some changes to the 2003 Office release that might adversely affect systems and workflows, it acknowledged.
Read more here about how the BI landscape is changing.
“The most noticeable of these changes is that the functionality of COM add-ins and ActiveX controls may be reduced or blocked if the component uses insecure interface methods. Office 2003 SP3 automatically tests all COM components and limits potentially insecure functions,” the paper says.
Legacy file formats created using Microsoft Office programs are also disabled by default as this increases security since hackers can more easily find vulnerabilities in the older formats. IT administrators can change the settings to allow specific document formats, if needed, according to the paper.
Office 2003 SP3 also disables the Fast Save feature in Word 2003, which speeds up the document-saving process by saving only the changes made to a document.
“But the saved document may contain metadata, such as comments, erased text, previous versions and authorship. Disabling Fast Save ensures that confidential data is protected against improper disclosure,” the white paper says.
Check out eWEEK.coms for Microsoft and Windows news, views and analysis.