Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Microsoft office file block & MOICE SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft office file block & MOICE

Microsoft introduced the ability to block file formats to the different  programs in office and safer ways to open suspect files about a year ago.

The file blocking is not based on the file extension but on the actual format (so renaming a rich text file (.rtf) to a .doc won't get around the restriction). Unfortunately it's set by making changes in the registry and perhaps worse: it's a blacklist instead of a list of allowed file types. Still if you never intend to open e.g. rtf files, you could block it.

Microsoft Office Isolated Conversion Environment (MOICE) is an alternate way to open office files away from the actual tool. Use it instead of the real thing if you cannot resist opening that unsolicited attachment promising whatever it promises.

It seems these tools aren't widely used, hence drawing a bit more attention to them might help protect a few in the end.

--
Swa Frantzen -- Gorilla Security

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!