Preventing GetObject From Getting A Running Instance?

Stewart Berman

Office 2007

Is there a way to start any of the Office products and prevent any other
process from getting and using a pointer to the running application.

For example:
I have a password protected document and I open it with the corresponding
Office product and provide the password.
Another application running at the same time can use GetObject and retrieve
a pointer to the running Office product and access the contents of the
document without having to provide a password.

Is there a way to prevent this? That is, is there a way to mark a running
instance of a program as not sharable?
 
Colbert Zhou [MSFT]

Hello Saberman,

So you are trying to prevent a virus or spy application from stealing
information from Word, right? I understand the requirement and it makes sense to me.

A quick idea is launching the Office application as Administrator privilege
with UAC turned. Then the Office application is run under high integrity
level. A normally launched application (medium integrity level) cannot call
GetObject to automate a high integrity level application. This is the
simplest and most straightforward solution to the scenario.
http://msdn.microsoft.com/en-us/library/bb625962.aspx (See the section
"COM is integrity aware")

A more aggressive way is to disable the Activation permission in Component
Services.
http://technet.microsoft.com/en-us/library/cc771916.aspx


Best regards,
Colbert Zhou
Microsoft Online Community Support
 
Stewart Berman

A quick idea is launching the Office application as Administrator privilege
with UAC turned. Then the Office application is run under high integrity
level.

Questions:
1. How do I launch the Office application as Administrator privilege? Do I
need to make a copy of the Office application and use icacls to set its
integrity level to high?
2. If it is launched with Administrator privilege what happens if the user
is not a member of the Administrators group?
3. What does "with UAC turned." mean?
4. Finally, what about XP based users? (Yes I know it is not considered a
live product but Microsoft still releases security patches and this is a
security issue.)
 
Colbert Zhou [MSFT]

1. We can start the Office application with Administrator privilege using the
following code,
-----------------------------------------------------------------
Imports System.Diagnostics

Dim p As New Process
' Path of WINWORD.EXE for a default Office 2007 installation
p.StartInfo.FileName = "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"
' The "runas" verb needs ShellExecute; it triggers the UAC elevation prompt
p.StartInfo.UseShellExecute = True
p.StartInfo.Verb = "runas"
p.Start()
-----------------------------------------------------------------

3. Sorry. I mean run Office with Administrator privilege when UAC is
turned on.

2, 4. What about my second suggestion, the Activation Permission
configuration in Component Services? We can configure it so that only
Administrator or the desired user has COM activation permission for Office
Word. In this case, all Office automation applications run well if they are
executed under the correct user. But when another user wants to GetObject
on the running Word instance, it fails with a security exception. The main
task of preventing information leaks is making sure the system is safe. The
risky application (virus/spy) should not be installed and executed using the
Administrator account. That is an anti-virus software's job.

Have a nice weekend, sir!


Best regards,
Colbert Zhou
Microsoft Online Community Support
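The Component Services permissions suggested in this reply and the earlier one can be verified from the command line. The following PowerShell is an added example, not code from the thread: it reads the per-AppID Launch/Activation and Access security descriptors through WMI and decodes the COM_RIGHTS_* bits (values as defined in objbase.h), so an administrator can see who may activate or call into the Word server before and after tightening the ACL. The name pattern is an assumption; run it in an elevated Windows PowerShell session.

```powershell
# Added example: report the DCOM Launch/Activation and Access ACLs Component
# Services stores for applications whose name matches a pattern (assumed '*Word*').
$ComRights = [ordered]@{
    Execute        = 1   # COM_RIGHTS_EXECUTE
    ExecuteLocal   = 2   # COM_RIGHTS_EXECUTE_LOCAL
    ExecuteRemote  = 4   # COM_RIGHTS_EXECUTE_REMOTE
    ActivateLocal  = 8   # COM_RIGHTS_ACTIVATE_LOCAL  (what a local GetObject/CreateObject caller needs)
    ActivateRemote = 16  # COM_RIGHTS_ACTIVATE_REMOTE
}

function ConvertTo-ComRightNames([int]$Mask) {
    # Translate an ACE access mask into the named COM rights it grants or denies
    ($ComRights.GetEnumerator() | Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Name }) -join ','
}

function Get-DcomPermissionReport([string]$NamePattern) {
    # Win32_DCOMApplication maps the friendly name to the AppID; Win32_DCOMApplicationSetting
    # exposes the security descriptors behind the Component Services property pages.
    foreach ($app in Get-WmiObject Win32_DCOMApplication | Where-Object { $_.Name -like $NamePattern }) {
        $setting = Get-WmiObject Win32_DCOMApplicationSetting -Filter "AppID='$($app.AppID)'"
        foreach ($kind in 'Launch', 'Access') {
            $result = if ($kind -eq 'Launch') { $setting.GetLaunchSecurityDescriptor() }
                      else                    { $setting.GetAccessSecurityDescriptor() }
            if ($result.ReturnValue -ne 0 -or -not $result.Descriptor) {
                # No per-AppID descriptor: the machine-wide default limits apply to this application
                [pscustomobject]@{ App = $app.Name; Kind = $kind; Trustee = '(machine default)'; Type = ''; Rights = '' }
                continue
            }
            foreach ($ace in $result.Descriptor.DACL) {
                [pscustomobject]@{
                    App     = $app.Name
                    Kind    = $kind
                    Trustee = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
                    Type    = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }   # 0 = access allowed ACE
                    Rights  = ConvertTo-ComRightNames $ace.AccessMask
                }
            }
        }
    }
}

Get-DcomPermissionReport -NamePattern '*Word*' | Format-Table -AutoSize
```

An entry granting ActivateLocal to Everyone or INTERACTIVE means any process of the logged-on user can still bind to the server, which is the case the original poster's third reply points out.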
 
Stewart Berman

1. We can start the Office application with Administrator privilege using the
following code,

The application has to be available to all users -- not just administrators.
I will try the code below but it appears to require that the user be able to
give an administrative account/password to UAC.

If the application is run under the security context of another account, that
account would probably not have access to the user's home directory since it
would have to be known to all users of the application.
2, 4. What about my second suggestion, the Activation Permission

Restricting the application to members of a particular group will not stop
the problem if the risk application/spy is running in the security context
of the logged in user.
 
Colbert Zhou [MSFT]

Hello Saberman,

COM Security is an advanced topic, with which I am not familiar. But with
further research, I find that, to configure which users can access the COM
objects of the server process, we need to call into the low-level COM APIs
to set the security explicitly. The main COM security function is
CoInitializeSecurity()
http://msdn.microsoft.com/en-us/library/ms693736(VS.85).aspx

We use the first parameter to define the access permissions that a server
will use to receive calls. You can get more information in the above MSDN
article.


Best regards,
Ji Zhou
Microsoft Online Community Support