Microsoft office file block & MOICE
Microsoft introduced the ability to block file formats to the different programs in office and safer ways to open suspect files about a year ago.
The file blocking is not based on the file extension but on the actual format (so renaming a rich text file (.rtf) to a .doc won't get around the restriction). Unfortunately it's set by making changes in the registry and perhaps worse: it's a blocklist instead of a list of allowed file types. Still if you never intend to open e.g. rtf files, you could block it.
Microsoft Office Isolated Conversion Environment (MOICE) is an alternate way to open office files away from the actual tool. Use it instead of the real thing if you cannot resist opening that unsolicited attachment promising whatever it promises.
- http://blogs.technet.com/swi/archive/2008/05/13/file-block-and-ms08-026.aspx
- http://www.microsoft.com/technet/security/advisory/937696.mspx
It seems these tools aren't widely used, hence drawing a bit more attention to them might help protect a few in the end.
--
Swa Frantzen -- Gorilla Security
Comments