How Do You Handle New MS Word Vulnerabilities?

chipperdog asks: "With yet another zero-day exploit of MS-Word document files, what are fellow system admins doing to protect themselves against these threats? I have been blocking all .doc and .dot at the mail and proxy servers until malware scanners have signatures to detect and block the malicious files. Of course, this caused a uproar with the users, as there were continuous calls like: 'When can I send and receive Word files again' and 'I can't get anything done if I can't send/receive Word files'. Any suggestion of sending documents in different formats (like rtf, html, txt, or pdf) results in even more creative user 'feedback'. Has anyone done anything creative in their handling of word files — like having qmail-scanner pipe all .doc attachments through something such as wv to convert them to a less exploitable format?"

You can't...

[Otter]

You can't suddenly cut off the exchange of Word documents in any modern business. Unless you can justify bringing your company to a halt over some vulnerabilities with no real-world risk, you just can't do it.

MIMEDefang.. customize mimedefang-filter

[jayjay_1978]

Setup MIMEDefang to convert M$ word attachments to PDF using openoffice.
Any attachments with a .doc extension or a mimetype of application/msword go through this process.
Also to reduce the overhead, get the sha1sum for the word document, and save the pdf to .pdf
Before any documents are converted with openoffice, get the sha1sum. if a .pdf already exists, use that file.

This stills allows people to get the content, which is most of the time, all they want.

There is also a program called antiword that will convert ms word documents to text, PDF, or PostScript.
But openoffice does a better job.