The Microsoft Office Visualization Tool is an integral part of the Redmond company's security strategy, adapted to counteract the evolution of the threat environment, specifically the increasing focus attackers place on file format-based vulnerabilities and exploits. In this sense, OffVis is designed to equip IT professionals, but also security researchers and security product vendors with the resources necessary to get an insight into the Microsoft Office binary file format. Microsoft explained that the tool enables users to deconstruct .doc-, .xls- and .ppt-based targeted attacks.
Statistics made available in the Microsoft Security Intelligence Report, Volume 6, issued in April 2009, indicate that 91.3% attacks against Office documents involve exploits for a single vulnerability, which users could have already patched via a security update offered over two years ago. OffVis can, in this regard, be used by professionals to further boost user protection against attacks involving Office binary files. Microsoft explained that the tool is capable of graphically illustrating key data structures and records for Office Word, Office PowerPoint and Office Excel, streamlining access, as the records can be navigated easily. In fact, just by hovering the mouse over an Office document sample the Microsoft Office Visualization Tool will deliver a deep view of that specific binary file format.
While the Microsoft Office Visualization Tool has been made available for download today, July 27, 2007, a date that coincides with the Microsoft at Black Hat USA 2009 event, the software giant has already allowed members of the Microsoft Active Protections Program (MAPP) program to test it. The tool streamlines the visualization and understating of vulnerabilities associated with the Office binary file format and will simplify the process of writing detection signatures for security solutions.
“This was first an internal tool used to help triage file format-related security vulnerabilities in Microsoft Office,” the Redmond company noted. “Microsoft then offered OffVis to participants of MAPP to test. Security researchers and IT administrators now also will be able to use it to further understand file formats and identify relevant areas where they can invest their efforts. The tool is able to parse the complete file format and also directly identify recent publicly exploited vulnerabilities using the Common Vulnerabilities and Exposures list.”
Microsoft explained that OffVis was born out of the need to help offer better protection to end users, by ensuring that customers and partners could put the structure of file formats, as well as the associated vulnerabilities and exploits “under the microscope.” The end purpose is to enable the ecosystem of security product providers to not only build more efficient signatures, but also to catalyze the evolution of malicious code analysis and better the detection of exploits.
No comments:
Post a Comment