Last Updated: 2007-09-19 16:05:16 UTC
by Maarten Van Horenbeeck (Version: 1)
As Jason announced in his diary on MOICE yesterday, Microsoft has today released Office 2003 SP3. This service pack includes a roll-up of several existing security fixes, but also makes some behavioral changes that affect security:
- Office can now no longer by default open certain older document formats, which include Coreldraw and older Powerpoint versions (pre-97). This significantly reduces the amount of attack surface;
- Older COM components that behave in a non-appropriate way may no longer have the same level of access as they did in the past (KB 938814);
- Administrators can now, through the registry, configure Office to no longer allow certain COM components. They also have the ability to block the opening of files older than a certain Word version (KB 938815 and 938810)
Plenty of other changes apply, this is not a complete list. Read more at Microsoft.