Enterprise applications Toolkit

Microsoft warns of Mac Office security flaw

Tags:
Product Activation,
Security Flaw,
Mac OS X,
Serial Number

Joe Wilcox, CNET News.com CNet

Published: 07 Feb 2002 17:38 GMT

Users of Microsoft Office on the Macintosh may find that their product serial number is a tool for hackers.

Microsoft issued a security warning on Wednesday saying that programmers with malicious intent could use Mac Office v. X's product identifier to shut down one or more copies of the application running on a network or connected to the Internet.

Although the software titan characterised the security threat as low, the timing and unusual nature of the problem -- an exploit involving an anti-piracy mechanism -- could give it another black eye. The company has taken a drubbing recently from analysts and customers for security glitches involving the Excel and PowerPoint applications, secure digital content, the Windows XP operating system, and the Internet Explorer browser, among other products.

Those problems have prompted Microsoft to go beyond simply issuing warnings and patches. Last month, chairman Bill Gates sent an email to the company's 47,000 employees, urging them to make security a top priority. The company has even stopped product development for a month to conduct security education and a review of products.

Office v. X, Microsoft's flagship product for Apple Computer's Macintosh, was released in November. With the new version, Microsoft introduced an anti-piracy mechanism that checks for duplicate serial numbers running on a network. The mechanism will not allow two copies of the product with the same serial number to run simultaneously on the same network.

In the security notice, Microsoft described the problem as a "flaw" in the product identification checker, which "doesn't correctly handle a particular type of malformed announcement." When that happens, the feature fails, shutting down Mac Office.

"An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data," Microsoft's security notice warned. "An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines."

Companies using standard firewall procedures could prevent problems from the outside, although malicious code could still get through by other means, such as an improperly configured wireless network.

Microsoft emphasised that hackers could not create, delete or modify Office documents, although unsaved data would be lost during an unexpected shutdown. The company has issued a security patch to correct the problem.

The vulnerability does not affect Office XP, which uses a different anti-piracy mechanism. Rather than check for serial numbers, Office XP uses a product activation feature. A person must activate the product, which essentially "locks" the software to the particular hardware configuration.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.