Data Sanitization v5.3 Release

Highlights

  • Sanitization of recursively embedded documents in Microsoft Office 2007 documents
  • Sanitization of Calendar data files: iCalendar (.ics) & vCalender v1.0 (.vcs)
  • Enhanced EMF/WMF sanitization 
  • Improved image sanitization to prevent advanced steganography attacks
  • Many more enhancements

Sanitization of recursively embedded documents in Microsoft Office 2007 documents  

Embedded Microsoft office documents are now commonly used. For example, a Microsoft Office Word file or PowerPoint presentation file can contain an Excel spreadsheet to generate a graph. This functionality can also be used by an attacker as a way to embed malicious code or exploit a Microsoft Office vulnerability. While multiple levels of embedded objects are not typical, they are possible, so we are now providing  a configuration to accommodate this functionality. The 5.3 release supports this feature for Microsoft Office 2007 (e.g., docx files), and we plan to expand this support to the Microsoft Office 97-2003 version (e.g., doc files) in an upcoming release. 

Sanitization of Calendar data files: iCalendar (.ics) & vCalender v1.0 (.vcs)

iCalendar (vCalendar v2.0) and vCalendar (vCalendar v1.0) files are commonly used to exchange meeting invites. We believe there is a strong possibility of hackers using these file formats to penetrate our customers’ security defenses. The risk with these files involves external attachments as well as Microsoft’s Dynamic Data Exchange (DDE) functionality. With this release, we introduce the ability to sanitize meeting invite files by removing attachments and DDE from files, so that potential risk is eliminated. External attachments are recursively sanitized, similar to Microsoft Office document recursive sanitization. Now you can feel safer when accepting meeting invites. 

Enhanced EMF/WMF sanitization 

We released initial support for Windows Metafile Format (WMF) and Enhanced Metafile Format (EMF) in v5.2.5. After additional field testing with more samples, in this release we are improving the sanitization performance in terms of file size and quality of sanitized images. WMF/EMF files are used in many cases such as embedding images in Microsoft Office documents, so WMF/EMF sanitization performance improvements ultimately improve the sanitization performance for Microsoft Office documents which contain these images. As a result, we are proud to release the new higher performance sanitization engine. 

Improved image sanitization to prevent advanced steganography attacks

If you are not familiar with the concept of steganography, please refer to this article. As the use of steganography increases, we have been continuously researching ways to secure it. In this release, we are  adding countermeasures to some more sophisticated steganography related hacking tactics, with improved support for the following file types: 

  • JPG, PNG, GIF, TIFF, and BMP.

Many more enhancements

  • Extended file support that now includes Ichitaro Document to Compressed format (JTDC), a compressed version of JTD
  • Enhanced PDF sanitization functionality, including handling of digital signatures, JavaScript, form fields, and layers

Sign up for Blog updates

Get information and insight from the leaders in advanced threat prevention.