Skip to content

MOICE is a mess

The new security features, announced by Microsoft might work OK — but who can tell?

Microsoft has announced two ‘new’ security features for Office 2007 and Office 2003 users. They are claimed to help protect against ‘zero-day’ exploits in Office documents – in other words new security holes that Microsoft has not had a chance to patch.

As usual, Office Watch isn’t content just to reprint Microsoft’s announcement. We prefer to check out the items for ourselves so we can tell our readers what Microsoft has done, as opposed to what they say.

In this case there’s a whole can of worms behind Microsoft’s latest “good news”. The web pages on these two new features are confusing and contradictory – even allowing for these patches being aimed at advanced users – it’s a mess. This has happened before (too many times) and we expect that the pages will be quietly updated when someone in the Office team bothers to read what’s on the web site.

We’ve posed questions to Microsoft to try resolving some of the peculiarities in their online documentation, but we don’t expect to hear back soon, to be fair, because it’s the middle of the night.

Check out our web site for ongoing coverage of this as information comes in. We’ll update the articles as new details come to light.

The bottom line, for the moment, is this:

Don’t touch either offering with a proverbial barge pole.

At least not until the documentation is clearer and you’ve carefully weighed up the pros and cons of rolling this out to users.

In the meantime here’s what we know or can figure out to date …

Opening .doc .xls .ppt and other ‘old’ Office documents from unknown or unexpected sources can be unsafe (if you open a hacked document) these new tools from Microsoft are designed to either:

  • Convert the document to the Office 2007 document formats (.docx .xlsx etc) in a ‘isolated’ environment which is purported to reduce the risk of a hacked document becoming active.
  • Block particular file extensions (like .doc .xls etc) from being opened in Office 2003 or Office 2007. In other words, force users to convert the document to Office 2007 format before opening them.

The conversion is handled by MOICEMicrosoft Office Isolated Conversion Environment. It’s sometimes called OICE more info.

Blocking certain file extensions is handled by ‘File Block Functionalitymore info.

Though Microsoft has announced these innovations, the documentation and download links don’t glisten with rectitude. For this reason alone we suggest you DON’T start using either of these tools.

They appear to be mostly targeted at corporate users to prevent accidental infection though hacked documents.

The features are either available now or you will download them with other patches from Microsoft. But to make them work, you have to either change the file associations or tinker with specific registry keys. Network Admin can do this via group policies but individual users might decide it’s too much trouble.

In addition there are significant limitations and problems with MOICE and File Block which probably make it more trouble than it’s worth. They are supposed to be separate tools however looking at the documentation implies there is some overlap.

These offerings are part of the obvious Microsoft strategy to push customers to their new ‘safe’ document formats. It’s also an effort to reduce Microsoft’s responsibility for the continuing ‘zero day’ problems – the company can simply point to these tools and shift the blame to customers for not protecting themselves.

Check out our articles on MOICE and File Block for more information as it comes to light.

About this author