Security takes center stage including allowing users to control which macros run in legacy Excel files, potentially blocking malicious code.

J. Nicholas Hoover, Senior Editor, InformationWeek Government

September 18, 2007

2 Min Read

Office 2007 may be here, but Microsoft hasn't forgotten that not everyone is a late adopter. The company Tuesday released the third service pack for Office 2003, pushing out what amounts to a significant security and compatibility upgrade via a free download.

"Microsoft Office 2003 Service Pack 3 is the culmination of several years of improvements in the product suite," the company said in a Microsoft white paper issued upon the service pack's release. "SP3 improves the productivity and user experience of home and office users, strengthens defenses against malicious software, and helps IT administrators comply with regulations and protect confidential information."

Security is clearly job number one for Office 2003 SP3, as the service pack contains a laundry list of security patches and upgrades. For example, instead of letting in macros willy-nilly in Excel, SP3 instead lets users control which macros run in legacy Excel files, potentially blocking malicious code. Of course, as is the case in most service packs, SP3 also patches known security holes.

There are also new tools to help IT administrators protect against social engineering attacks.

"Stymied by filters and firewalls that block automated attacks, hackers are shifting their focus to the applications, especially common desktop software," Microsoft said in its white paper. "These attacks depend largely on social engineering -- convincing a user inside the network to unwittingly install malicious software or otherwise take actions that compromise security."

One allows administrators to control what types of files users can download and open. Another, the Office Isolated Conversion Environment, converts, and scrubs documents to get rid of "malicious" code.

Microsoft has also worked to improve Office 2003's compatibility with Windows Vista, Internet Explorer 7, and Office 2007. Project 2003, for example, can now read Project 2007 files. InfoPath allows auto-complete in Internet Explorer 7 when running on Windows Vista. OneNote 2003 works better with Internet Explorer 7 than it did previously.

Microsoft said it has heavily tested the service pack for compatibility with other apps, including products from SAP and Hyperion, but acknowledges a few of the patches could actually harm compatibility. The service pack adds the capability to test add-ins that use ActiveX controls and the Microsoft component object model. However, it blocks what it deems as insecure components, so it could break some plug-ins.

Finally, Microsoft included a number of smaller patches in SP3, many of them requested by users to address outstanding performance and stability issues, among others. One of these gets rid of screen flickers in Access 2003. Another lets users copy and paste text from a Web-based e-mail account without Word 2003 occasionally crashing.

About the Author(s)

J. Nicholas Hoover

Senior Editor, InformationWeek Government

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights