Microsoft to offer tool for isolating zero-day exploits

If you pay any attention to the vulnerabilities that pop up in Microsoft's Office products, you've probably noticed a trend. New exploits that take advantage of bugs in the Office suite just keep coming, delivered to users' inboxes via .doc, .xls and .ppt documents. Unsurprisingly, it's the older versions of Office that have been the hardest hit: since January of 2006, Microsoft has released 20 bulletins for code-execution vulnerabilities in Office 2003.

It should come as no surprise, then, that Microsoft is as fed up as you are. The company has announced that it plans to release a software tool called MOICE (Microsoft Office Isolated Conversion Environment), which will allow users of older versions of the Office suite to convert their documents to Microsoft's new OpenXML file format while stripping out any elements that could pose a security risk. MOICE essentially aims to kill two birds with one stone and by creating a "safe, quarantined sandbox environment," ensures that viruses won't make their way from the document to the local drive. Microsoft actually laid the foundation for MOICE during this past Patch Tuesday when it issued an update for group policy that allows an administrator to control what types of files users are allowed to open. When used in conjunction with group policy, MOICE can automatically update and disinfect all legacy documents that users attempt to open. "We recommend that organizations who are concerned about targeted file format attacks, and are interested in achieving the very highest levels of security consider deploying [the MOICE tool]," a Microsoft spokesman said.

For more on MOICE:
- see this ZDnet blog entry