Office 0-Days And The People Who Love Them! presented at BlueHat 2007

by Robert Hensing (Microsoft)

Tags: Security

Summary: In 2006, MSRC received an unprecedented number of vulnerability reports for Office 2003. Some of these vulnerabilities were used in targeted 0-day attacks against our customers.
In this presentation I will show you what it was like to be a victim in such an attack by running an actual malicious PowerPoint file sent to a customer, while examining its effects on the system with Process Monitor and Process Explorer. Then I will demonstrate what customers can do to reduce the risk from these types of attacks by opening the document again with the Microsoft Office Isolated Conversion Environment and FileBlock configured.