Service Pack 3 Available for Office 2003 Users
Microsoft has released its third service pack for Office 2003 users. The company says the 117-megabyte bundle of security updates and program tweaks "represents a major evolution in security for Office 2003" and that it "further hardens the Office suite against potential attacks and other security threats."
Office 2003 users can download the update from this link.
In addition to bundling a number of security fixes that have been previously released as separate Office 2003 updates, Service Pack 3 includes new security features, and it does away with several features that have opened avenues of attack or disclosed sensitive data. The service pack also includes stability updates, based on information gleaned from program crash dumps reported to Microsoft.
Among the key new security features of SP3 is the addition of MOICE -- also known as the Microsoft Office Isolated Conversion Environment. This clumsy sounding component is probably the most important piece of the entire package. For the past two years, one of the most common sources for new and targeted attacks against Windows users took advantage of flaws in various Office file formats -- such as Word, Excel or PowerPoint -- to launch other programs or write data to other areas of the operating system. What MOICE tries to do is build a wall around each Office file that is opened, and simply not let the file play outside of the wall, for want of a better metaphor.
In the name of security and privacy, certain features of Office 2003 will no longer work after applying Service Pack 3, such as the "Fast Save" option. According to Microsoft, having fast save turned on means certain metadata, such as comments, erased text, previous saved versions and a username may be embedded in the document. "Disabling Fast Save ensures that confidential data is protected against improper disclosure," Microsoft wrote.
Office 2003 users who apply SP3 may also notice they can no longer open or save certain file formats. According to Microsoft, this includes some Microsoft Office Excel 2003, Microsoft Office PowerPoint 2003, Microsoft Office Word 2003, and Corel Draw (.cdr) file formats. "By default, these file formats are blocked because they are less secure. They may pose a risk to you." In addition, SP3 blocks certain functions in older Excel file formats -- such as macros -- from running automatically, a chance Redmond hopes will help prevent security attacks on earlier file formats.
Posted by: James | September 26, 2007 1:43 PM | Report abuse
Posted by: GTexas | September 26, 2007 6:13 PM | Report abuse
Posted by: TJ | September 26, 2007 8:37 PM | Report abuse
Posted by: HoCo | September 27, 2007 9:17 AM | Report abuse
Posted by: KDT | September 27, 2007 9:54 AM | Report abuse
Posted by: Bk | September 27, 2007 10:31 AM | Report abuse
Posted by: A | September 27, 2007 3:55 PM | Report abuse
Posted by: TravisO | October 2, 2007 12:42 PM | Report abuse
Posted by: Jason | November 7, 2007 3:10 PM | Report abuse
The comments to this entry are closed.