Partager via


Office 2010 Application Security

Hello, my name is Brad and I work on the Office security team; we focus on a couple of key areas: building security features that improve the Office product line and driving the security engineering process across the division as part of the Security Development Lifecycle (SDL).

I would like to start with a high-level introduction of several of the new security features in Office 2010, what our goals are, and how we think about them. Because shipping Office isn’t about how we think about it, but instead how you think about it, feel free to ‘send a smile’ with the Technical Preview and let me know if we hit the mark.

Staying ahead of hackers

To start things off, ‘Why?’ is always a good question. Why did we spend time doing anything in this space, and to what end? Well, as the security landscape has been changing, Office has had the misfortune of becoming one of the next big targets for hackers to attack. They have been going after many of our file-format parsers and how we read Office files. They’re looking for ways to exploit bugs and to get their code running on your machine. We have done a lot of work to find and fix bugs, but we can’t find everything. We have to take a more proactive approach and build Office to be more resilient to attack.

To do that, we have designed what we have been referring to as a new security workflow, a layered defense that Office documents have to go through as part of the File Open process. We strive to make this process as invisible as possible. This means no noticeable delay in open times, as well as no dialogs asking you how you feel about security.

File Block improved

The security workflow we designed has several key features that we believe achieves the goals. First, we have improved our File Block feature that was introduced in Office 2007. We now have a way to configure it in the application and have a finer level of granularity to manage how Word, Excel, and PowerPoint open their file types.

Office File Validation: integral and non-intrusive

Another feature is our new binary file-validation system, which call Office File Validation. Since the vast majority of the exploits have focused on our older file formats, pre-dating our XML versions, we built a system that can validate those files to make sure they conform to the documented format, before they are opened by Word, Excel, or PowerPoint. This is something we did in Publisher 2007, which worked out pretty well. Office File Validation is an integral part of Office that on most days, you would never know exists.

The next question is ‘What do you do with those blocked or invalid files?’. Well, if we just blocked a file and said it was invalid, you would probably be pretty curious why it was invalid, or if maybe we made a mistake. Or, you may be sure you know what it is, and still need to read it. Denying you access to these files doesn’t really meet our goals, so we also built another system we call the Protected View.

Protected View: more security, less annoyance

Protected View is a way for us to show Word, Excel, and PowerPoint files to you, but without all of the worry about those files being dangerous. We build up a read-only view of the document in an isolated sandbox, which has minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.

By tying all of these features together into a layered defense, any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state. All this happens in real time, with an indistinguishable performance impact on your load time, and you can open these Office files without worry.

The other goal to make these features and workflow successful is that they don’t get in the way and instead have a positive impact on your experience. That means fewer dialog boxes and less information that is not actionable. We need to make security smart enough to get out of the way when its job is done. To do that, we have made files that open in Protected View remember when you chose to trust them, so you don’t have to re-trust them next time. You are not less secure; you’re just less annoyed (hopefully!).

In future posts, my team and I will be digging into these and other features to explain how they work and give some insight into how to get the most out of them for system administrators. Stay tuned, and give feedback if you want to hear more about a specific security feature. We hope you enjoy using Office 2010, as much as we have enjoyed working with you toward its creation.

Thanks,

Brad Albrecht

Senior Security PM
Office Trustworthy Computing

Comments

  • Anonymous
    January 01, 2003
    The Office IT blog is continuing to provide great insight into the development process that occurs behind what has been a leaded curtain for so long.  For developers who are able to read between the lines, there are some gems in there for us to extrapolate and start using in our own works. http://theycallmemrjames.blogspot.com/2009/07/more-on-office-2010.html

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    I've got a Word 2003 template I'm trying to open and OFV repeatedly tells me there's a problem with it.  I'm told it can't be opened and seems to say it's because there are macros in it that could be malicious.  That that doesn't seem to be the reason -- I'm able to open other 2003 templates with macros.  So I assume it's corrupt in some way.  But this error message is quite insufficient to instruct me on how to proceed.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Wow!  Really seems like you've got it all right.  I'm always worried about my family opening documents without first asking themselves if it is "safe".  I really like where I see Office 2010 heading and really excited to see the final product.

  • Anonymous
    October 24, 2009
    Will Office 2010 (Word & Excel)be HIPAA compliant via cloud computing?

  • Anonymous
    November 02, 2009
    This feature will cause major problems for my company as currently implemented! I'm getting the following error message when attempting to create a new document from a Word template (.dot): "Office File Validation detected a problem while trying to open this file. This file could potentially contain harmful content and has been blocked from opening." These templates contain code (macros) we developed and work on other systems. Details:

  • VBA code signed using a 3-year certificate from GoDaddy, expiration in 2012.
  • Word 2007+: Trusted Locations include a directory 1 level above that containing the template, with sub-folders Allowed. The error dialog has a 'Help' button, but (surprise, surprise, surprise) does not provide any relevant or useful help. What do we need to do to satisfy MS Weird 2010?
  • Anonymous
    November 04, 2009
    To Scott Holmes - the File Validation feature is still getting dialed in and has a higher false positive rate in the Tech Preview than it will when we ship. One thing you can do to help us dial it in is to send in the file that is failing validation. You should be getting asked to submit the file when you exit Word. If you'd rather, you can simply email me the file at bencan_at_microsoft_dot_com and we can see if the file is still failing validation and why.

  • Anonymous
    November 19, 2009
    Espero que seja facil e bom de trabalhar,tambem gostei do programa de 2007. O meu muito obrigado pelo vosso esfoço.

  • Anonymous
    November 21, 2009
    I too am getting "Office File Validation detected a problem while trying to open this file. This file could potentially contain harmful content and has been blocked from opening." after I have saved the file as a trusted template. I'm not willing to send you the file, it has proprietary company info. The file works fine in Word 2007. If I am trusting it you should not be blocking it!!

  • Anonymous
    November 22, 2009
    The comment has been removed

  • Anonymous
    November 23, 2009
    Will Excell 2010 have improved VBA Security?  While I can currenlty lock an Excel file so that it is almost unbreakable, we have very weak protection on the password to protect viewing of VBA code.  Will this be improved with strong encryption in 2010?

  • Anonymous
    November 27, 2009
    The comment has been removed

  • Anonymous
    December 04, 2009
    Getting a  Office File Validation error on a excel file that was opening fine through the beta 2010 version yesterday and for weeks prior.  I can still open the same file on a different computer with office 2007 on it, so I don't know what the problem is or what to do to fix it.

  • Anonymous
    December 06, 2009
    The comment has been removed

  • Anonymous
    December 06, 2009
    The comment has been removed

  • Anonymous
    January 06, 2010
    word 2010 crashes every time if I select the file option. But other applications work fine with out any problem

  • Anonymous
    January 21, 2010
    a

  • Anonymous
    January 23, 2010
    Same problem here, Excel simply refuses to open a file claiming there is "a problem" with it; I don't even get an option re protected view. And even worse, attempting to add a location to Trusted Locations results in a curt rebuke along the lines of "Microsoft arent going to allow you to do that on your machine for security reasons"?? How much control does Microsoft want to exercise over people?  2010 is being uninstalled right now.

  • Anonymous
    January 30, 2010
    When I open my file, one Notice appears : "The Office File Validation feature has blocked this file from opening as it may contain harmful content." I don't know what the problem is. How can I solve it? Thank for your help!

  • Anonymous
    February 08, 2010
    I resolved the problems I was having (excell not allowing a file to open) by adding the file location to "trusted locations" in the trust center. Might give it a try........

  • Anonymous
    February 27, 2010
    Im also having troubles with word beta crashing all the time few seconds after opening

  • Anonymous
    March 07, 2010
    word 97 autotext files will not open File validation error

  • Anonymous
    March 08, 2010
    Ditto what James Hutchens said. I added the location as a trusted location and now it works.

  • Anonymous
    March 15, 2010
    This is about the only place it seems we can feedback problems to you illustrious and glorious MS development team on the subject of Office 2010. The questions is why(unlike previous Beta versions of Office)does perfectly good VBA code developed and tested in Office Suite 2007 and 2003 no longer work properly in 2010? The second question is why is the standard of Help on this product so pathetic?

  • Anonymous
    April 05, 2010
    I'm getting the following error message progressively in all my PPTs: "Office File Validation detected a problem while trying to open this file. This file could potentially contain harmful content and has been blocked from opening." The message should say what to do to fix the issue. Blocking with no way out is unacceptable. Unless I receive a workaround I will be forced to abandon MS Office 2010. Many messages above mention the same issue. Is MS taking care? After the Vista scandal MS should take problems seriously.

  • Anonymous
    April 15, 2010
    The comment has been removed

  • Anonymous
    April 20, 2010
    EVERY file attachment I attempt to open from Outlook gives that warning and will not open. Example: Word do attached to e-mail. I click to open. I get the error "Office has detected a problem with this file... cannot be opened" message. It doesn't give me an option do use protected view. I click OK to the error message, go back to the e-mail and double-click the attachment and it opens fine. What a pain. I have gone into the Trust Center and unchecked all the options. Still same problem. EVERY attachment I try to open behaves the same.

  • Anonymous
    April 22, 2010
    The comment has been removed

  • Anonymous
    April 25, 2010
    I don't have 2010 yet.  However, if the first poster is correct, I must echo his statement.  Sheet level security is critical to me.  I've developed an 'application' within an excel file with all the intellectual property aspects hidden and 'protected'.  Our intent is to resell this template.   Yes, an Excel expert could eventually build a workbook that mimicks what we have built - but they should have to work as hard for it as we did, rather than be able to steal it.   It is also a valid point that we could have built it using C# and distributed it as an executable, but that's extra work and customer support.  

  • Anonymous
    May 11, 2010
    The comment has been removed

  • Anonymous
    May 13, 2010
    Hi development Team, I am facing problem in opening the excel file through IE6.0 SP3. When i open the files, IE(may be)creates index inside content.IE5. when i open it from IE and this local temp temp directory. It results in : .xls file locked for editing by 'userName'. I googled but didn't find any working solution. This problem is only with excel file and IE6 SP3.

  • Anonymous
    June 24, 2010
    Nice post.Keep it up!

  • Anonymous
    August 05, 2010
    Will Excell 2010 have improved VBA Security?  While I can currenlty lock an Excel file so that it is almost unbreakable, we have very weak protection on the password to protect viewing of VBA code.  Will this be improved with strong encryption in 2010?<a href="www.isisandosiris.in/">Seeking Women</a>

  • Anonymous
    September 06, 2010
    We've have been looking for some insight as to how to continue to deliver PowerPoint files which contain VBA code that is inserted by our flag ship product ActivePresentation Designer.  Prior to Office 2010, we invested in digital certificates from VeriSign to give users the ability to trust us a publisher, a one time operation that meant no further security alerts were displayed.  With the advent of Protected View, this benefit for our company seems to have vanished which means the products we have developed no longer work as we are unable to deliver any of these types of products from our web site without users having to understand this new MSO feature and hence we loose them almost instantly or they create additional support costs for us.  Is there a commercial grade solution to this issue that disabled Protected View when a publisher is know to be legitimate?