Future zero-day attacks on Microsoft Office are going to expire soon, according to Thomas Dullien, a security researcher at Sabre Security. Windows users upgrading to Vista will have a lot less to worry about new vulnerabilities in Microsoft Office.
The new security features introduced in Vista, particularly Address Space Layout Randomization (ASLR), prevent attackers to create successful client-side exploits of Microsoft Office file format parsing bugs. The ASLR technology shifts the start address of frequently used code libraries after every system restart.
“As a result of this, client-side bugs in MSOffice are approaching their expiration date”, said Dullien in a post to his blog. “Not quickly, as most customers will not switch to Vista immediately, but they are showing the first brown spots, and will at some point start to smell.”