Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft releases Office 2003 SP3 - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft releases Office 2003 SP3

As Jason announced in his diary on MOICE yesterday, Microsoft has today released Office 2003 SP3. This service pack includes a roll-up of several existing security fixes, but also makes some behavioral changes that affect security:

  • Office can now no longer by default open certain older document formats, which include Coreldraw and older Powerpoint versions (pre-97). This significantly reduces the amount of attack surface;
  • Older COM components that behave in a non-appropriate way may no longer have the same level of access as they did in the past (KB 938814);
  • Administrators can now, through the registry, configure Office to no longer allow certain COM components. They also have the ability to block the opening of files older than a certain Word version (KB 938815 and 938810)

Plenty of other changes apply, this is not a complete list. Read more at Microsoft.


158 Posts
Sep 19th 2007

Sign Up for Free or Log In to start participating in the conversation!