Office 2010 File Validation Security Feature Backported to Office 2007 and 2003

Microsoft is getting ready to deliver an additional layer of security to customers running Office 2007 and Office 2003 next year.

The Redmond company announced that in early 2011, a piece of the Office 2010 security evolution will be backported to the previous two versions of the productivity suite.

In this manner, Office 2007 and 2003 users will also be able to take advantage of the extra protection added by File Validation.

“First released in Office 2010, Office File Validation provides a check of file-format binary schema as each file is being read,” revealed Carlene Chmaj, Microsoft Trustworthy Computing, Senior Response Communications Manager.

“If it detects an issue, it opens the file in Protected View. This helps prevent unknown binary file format attacks using Microsoft Office 97-2003 file formats for Word, Excel, Publisher, and PowerPoint.”

Chmaj added that Office File Validation will be offered to the two predecessors of Office 2010 sometime in the first quarter of 2011, although a specific availability deadline wasn’t provided.

The software giant is however advising customers, especially enterprises, to start getting ready for the upcoming security enhancements to Office 2007 and 2003.

However, it’s important to note that the only way to get all of the security improvements in the latest version of Microsoft’s productivity suite is to upgrade to Office 2010.

Despite the fact that File Validation will be backported to Office 2007 and 2003, this move does not bring the two releases of Office on par with Office 2010 in terms of security.

“Once this enhancement is installed, Office 2007 and Office 2003 users will see two significant benefits:

•The File Validation functionality will now be available. This feature will verifies the contents of .doc, .xls, .ppt and .pub files as they are being read, and if it detects an issue, display a warning informing the user that there is a potential issue with the file.

•At some point in the future, Microsoft anticipates issuing "signature files" that provide new information for use by the File Validation functionality. These signature files will typically include information that File Validation can use to detect previously unknown vulnerabilities in files, and warn the user appropriately.

It is anticipated that installing a signature update will be less disruptive than deploying a Security Bulletin, especially for large Office deployments,” explained Bob Fruth, MSRC Security Program Manager.

Office Home and Business 2010 RTM Build 14.0.4760.1000 is available for download here.

Office Home and Student 2010 RTM Build 14.0.4760.1000 is available for download here.

Office Professional 2010 RTM Build 14.0.4760.1000 is available for download here.