A wave of attacks targeting Microsoft Corp.’s Office 2003 last year taught the company some tough security lessons it’s now aggressively applying, a Microsoft software engineer said today.
“When Office 2003 shipped, we thought we’d done some good work and that it would be a secure product,” said David LeBlanc, a senior software development engineer with the Office team. “For the first two years after release, it held up really well, only two bulletins. [But] then people shifted their tactics and started finding problems in fairly large numbers.”
LeBlanc, one of the proponents of Microsoft’s Security Development Lifecycle (SDL) initiative, and Michael Howard, the co-author of Writing Secure Code for Vista, referred to the spate of attacks in 2006 that exploited numerous vulnerabilities in Office 2003’s file formats. The suite’s core applications — Word, Excel and PowerPoint — were all patched multiple times last year.