As part of its regularly scheduled Patch Tuesday event this week—at which Microsoft unleashed a record 17 security fixes addressing 40 separate vulnerabilities—the software giant also announced that it will be backporting an Office 2010 security feature to Office 2007 and 2003. The feature, called Office File Validation, helps protects against binary file-format attacks using Office documents based on older document formats.
"First released in Office 2010, Office File Validation provides a check of file-format binary schema as each file is being read," a blog post by Microsoft Senior Response Communications Manager Carlene Chmaj reads. "If it detects an issue, it opens the file in Protected View. This helps prevent unknown binary file-format attacks using Microsoft Office 97-2003 file formats for Word, Excel, Publisher, and PowerPoint."
Hackers often target older versions of Microsoft Office document files because they're less secure than more modern Office document formats. So Microsoft built Office File Validation into Office 2010, providing protection against maliciously formatted legacy Office documents. Files that are found to contain suspicious code load in a new Protected View, in which the document can still be read but not edited. This view prevents suspicious code hidden in the document from running, Microsoft says, protecting the user from potential risk.
Microsoft says that it will ship a software update for users of the older Office 2007 and 2003 versions sometime in the first quarter of 2011, providing them with the same Office File Protection functionality. Like the current version, it will work with Office document formats like .doc, .xls, .ppt and .pub files; Microsoft replaced these legacy formats with newer, XML-based document formats in 2007.