for those who don't already know, Office 2003 Service Pack 3 has been released a few days ago.
With Office 2003 service pack 3 your Office suite will work better with Windows Vista, you will be able to exchange files with Office 2007 system, it includes security updates that have been released separately and has stability improvements based on Microsoft product support feedback and Microsoft online crash analysis.
This service pack has major security changes as well to harden the Office suite and reduce the attack surface and possible threats.
Some of these changes can be found on the add-ins, ActiveX controls and COM add-ins that use the QueryInterface() method. When an Office 2003 program is started some tests are performed to validate response of the QueryInterface() method and if the test fails the functionalities may be reduced or even blocked.
Follow the link below for additional details about add-ins, ActiveX controls and COM:
Also to improve security the Office 2003 Service Pack 3 integrates two tools that were already released during this year such as MOICE (Microsoft Office Isolated Conversion Environment) and File Block.
"When MOICE and File Block are used together they are an effective mitigation strategy for customers when the threat of attack using certain Office types exists. This enables customers to continue using Microsoft Office with a high degree of assurance that the files being opened are considered safe and will not infect users with malicious software."
"The Microsoft Office Isolated Conversion Environment (MOICE) uses the 2007 Microsoft Office system converters to convert Office 2003 binary documents to the newer Office open XML format. The Conversion process helps protect customers by converting the Office 2003 binary file format to the Office open XML format in an isolated environment. In summary, MOICE provides a mechanism for customers to pre-process potentially unsafe Office 2003 binary documents, by virtue of the conversions process it provides customers with a greater degree of certainty that the document can be considered safe."
About File Block:
"The File Block Functionality for Microsoft Office 2003 and the 2007 Microsoft Office system allows administrators to restrict via registry and Group Policy specific Office file types that can or cannot be opened when using Microsoft Word, PowerPoint, and Excel. Blocking specific Office file types allows administrators to temporarily deny users the ability to open certain files, such as when a threat of attack from a given Office file type exists."
For complete details about MOICE and File Block check the security advisory 937696 on the link below:
Because there are a few changes on the default behavior of Office applications to improve the security were some features are now disabled by default and the COM access is more restricted, before any mass deployment in your corporate environment or any critical workstation, you should test and validate on lab the compatibility with any custom components that use Add-ins for business applications or workflows.
For a complete list of changes on the default behavior of Office applications just check the Office 2003 service Pack 3 download link.
Links to download the Service Pack 3 of Office 2003 suite, applications and viewers:
Office 2003 Service Pack 3 (SP3)
Office 2003 Service Pack 3 (SP3) for Proofing Tools
Visio 2003 Service Pack 3 (SP3)
Project 2003 Service Pack 3 (SP3)
OneNote 2003 Service Pack 3 (SP3)
Outlook Live 2003 Service Pack 3 (SP3)
Word Viewer 2003 Service Pack 3 (SP3)
Excel Viewer 2003 Service Pack 3 (SP3)
R-Tape Loading error,