Remove Legacy File Formats
To increase security for users, removing the ability to open legacy file attachments such as Word 97-2003 and older formats or Microsoft Works. Both formats have long been retired for over a decade. The legacy Word DOC format is a cesspool for bad actors to embed malcious code without the same level of security controls that the new DOCX format provides. This legacy file format needs to be removed.
I would suggest that it be moved to a separate utility that converts the documents to DOCX or DOCM depending on the content.
Andrew MacKenzie commented
It's a new year with new virii being spread using this legacy format. Is there any progress on having this format ended?
A couple more thoughts on how to handle:
1. When opening a legacy .DOC file, require conversion to DOCX prior to opening. This ensures the file is free of macros. Then delete legacy .DOC file after successfully updating.
2. When opening a legacy .DOC file with a macro, present a large RED screen warning the user the file may contain malware and provide the option to stop similar to when accessing a malicious website in Edge. Include the ability for admins to set a GPO that will block a user from being allowed to proceed at all.
3. When files are uploaded to Microsoft 365, automatically convert to DOCX/DOCM. Do not allow for uploading of legacy.
Let's make the Internet safer and help organizations stop spreading these old formats.