Office 2003 gets security upgrade

Microsoft plans to make some of the security improvements and features it built into Office 2007 available for Office 2003, a company representative said on Thursday.

Service Pack 3 for Office 2003 will be focused on security, said Joshua Edwards, a technical product manager for Office at Microsoft. Edwards said in an interview with silicon.com sister site CNET News.com: "We're trying to take what we learned from building Office 2007 and bring as much as we can to Office 2003."

Microsoft hasn't yet set a release date for the Office 2003 update, which like other service packs will be available as a free upgrade. Also, there are no details of what will be in the update, other than that Microsoft is 'backporting' work it did for Office 2007.

Discussing what might be in the update, Edwards said: "We're not going to take everything but we will take as much as we can."

Many of the changes will be invisible to users, hardening the applications and file parsers against attacks, Edwards said. Such changes under the hood could help protect against attacks that exploit security vulnerabilities in Office applications. Such attacks appear to be on the rise, in particular where specific organisations are targeted.

However, some user features may also make it to the older version, including the ability to select a preferred encryption mechanism. For example, in Office 2007 it is possible to replace the standard AES encryption with another, such as Suite B, which is a feature the US government requested, Edwards said.

Joris Evers writes for CNET News.com