Educause Security Discussion mailing list archives
Anyone running Office 2007 DEP or MOICE?
From: Bob Doyle <bobdoyle () KELLOGG NORTHWESTERN EDU>
Date: Fri, 2 Apr 2010 11:00:36 -0500
I'm investigating anti-exploit technologies for Office 2007 and have identified two that seem useful: 1. Enabling Data Execution Prevention for Office 2007 by default http://support.microsoft.com/kb/971766 Description: DEP isn't enabled by default for Office 2007, this turns it on 2. The Microsoft Isolated Converter Environment (MOICE) http://support.microsoft.com/kb/935865 Description: MOICE is an isolated environment that converts any document from binary office format (.doc,.ppt,.xls) to the XML based Office 2007 format (docx, pptx, xlsx). The conversion will pretty much strip out any malicious binary code that could be hiding in the file. Is anyone out there supporting or encouraging users to use either of these? Has anyone run into use cases where these don't work? And btw, what are people's policies toward Office 2007 format these days? Cheers, Bob ----------------------------- Bob Doyle Northwestern University Kellogg School of Management
Current thread:
- Anyone running Office 2007 DEP or MOICE? Bob Doyle (Apr 02)
- <Possible follow-ups>
- Re: Anyone running Office 2007 DEP or MOICE? Flynn, Gary (Apr 02)
- Re: Anyone running Office 2007 DEP or MOICE? Bob Doyle (Apr 05)