Skip to main content

Microsoft extends dodgy Office file detection

Microsoft has deigned to lift a finger to offer users of older versions of its Office software suite the same protection from file format exploits as users of Office 2010.

Office 2010 contains a file validation tool which scans and validates Office files to establish whether they have been tampered with.

In an advisory Microsoft said it is extending the use of the Office File Validation feature to supported editions of Microsoft Office 2003 and Microsoft Office 2007.

Microsoft said the feature is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened.

The Office File Validation feature now applies when opening an Office file using Microsoft Excel 2003, Microsoft PowerPoint 2003, Microsoft Word 2003, Microsoft Publisher 2003, Microsoft Excel 2007, Microsoft PowerPoint 2007, Microsoft Word 2007, or Microsoft Publisher 2007.

The tool helps detect and prevent file format attacks, in which the structure of a file is modified with the intent of adding malicious code.

"If Office file validation detects that a file's structure does not follow all rules described in the schema, the file does not pass validation," Microsoft said.