Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Microsoft office file block & MOICE InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft office file block & MOICE

Published: 2008-05-13
Last Updated: 2008-05-13 23:23:11 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

Microsoft introduced the ability to block file formats to the different  programs in office and safer ways to open suspect files about a year ago.

The file blocking is not based on the file extension but on the actual format (so renaming a rich text file (.rtf) to a .doc won't get around the restriction). Unfortunately it's set by making changes in the registry and perhaps worse: it's a blacklist instead of a list of allowed file types. Still if you never intend to open e.g. rtf files, you could block it.

Microsoft Office Isolated Conversion Environment (MOICE) is an alternate way to open office files away from the actual tool. Use it instead of the real thing if you cannot resist opening that unsolicited attachment promising whatever it promises.

It seems these tools aren't widely used, hence drawing a bit more attention to them might help protect a few in the end.

--
Swa Frantzen -- Gorilla Security

Keywords: Microsoft
0 comment(s)
Diary Archives