The Microsoft Office Isolated Conversion Environment tool is designed to bulletproof Office 2003, but it comes with the inherent shortcomings of an extra layer of security, added artificially like another limb on a Frankenstein creation. Security was not the focus of the Office 2003 productivity suite, not in the sense of the Office 2007 System. Therefore, MOICE is not an integer part of the application, but a security barrier taking advantage of the Office 2007 metro format, on top of Office 2003.

Consequently, MOICE will heavily impact user workflow. This is because of the functionality delivered by the tool. "the 2007 Office system’s new "Metro" file format received lots of additional security testing time and is more resilient by design to file format-based attacks. The code in the Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats which parses legacy documents to convert them to the new format has been through this same rigorous security testing cycle as the 2007 Office system. Bottom line, the new stuff is much safer. And now with the MOICE tool, those of you have not yet upgraded to the 2007 release can take advantage of these enhancements today," revealed a member of the Microsoft Security Response Center.

.doc (Word document); .xls (Excel spreadsheet), .xlt (Excel Template), .xla (Excel Addin), .ppt (Powerpoint document), .pot (Powerpoint Template and .pps (PowerPoint slideshow) will all be converted to the new Office Open XML file formats. The conversion process is restricted to an isolated environment with low privileges that will help contain eventual exploits, targeting the tool itself. Once the first step of the process is completed, the files are re-converted to the legacy binary format.

In this context, a performance penalty is inherent. Pre-processing each legacy document, and then converting it back and forth between Office 2003 and OOXML formats will take time. And the larger the document, the longer the period for the conversion. But, in addition to this downside, MOICE is also susceptible to misinterpreting document formats because of their name and type. Microsoft's solution? Strong restrictions on Office 2003 and Office 2007, via the File Block Functionality.

"Because a malicious user could try to bypass this conversion by renaming his malicious evil.doc file to evil.rtf, it’s also important to block other file types not handled by MOICE that Office still opens. That’s where the restricting open and saving types of files comes in: to block RTF and other file types not in the list above. The combination of MOICE + restricting opening or saving types of files helps to ensure that all files in the legacy binary file format go through this isolated conversion process before regular Office operates on them," added the MSRC member.