My problem with OOXML is all the unpatched vulns it creates on Windows boxes.
I have lots of Office 2003 (and older) users. So they get the MS compatibility pack, so they can read Office 2007 files. So far so good. Except that the compatibility pack brings in snippets of Office 2007 code. Which need periodic patches to cope with new vulnerabilities.
Now here's the rub: if I manage the OS on these boxes with Windows Update, it finds the Windows problems - fine. And Office update finds the Office 2003 problems - also fine. But neither of these finds the Office 2007 compatibility pack vulns. All those unpatched boxes, with all those unpatched vulnerabilities. Tut, tut, tut.
By chance I've found out the the new-fangled "Microsoft Update" will find the missing patches and apply them. Phew. So I'm forced to use it against my will, but what's new?
So, the OOXML compatibility pack looks like a golden opportunity for crackers worldwide. Get cracking, I say. Happy Christmas.
Even Paris gets violated less than a Windows box.