[ISN] Mac Office vulnerable, Microsoft warns

From: InfoSec News (isnat_private)
Date: Sun Feb 10 2002 - 23:58:37 PST

  • Next message: InfoSec News: "[ISN] Microsoft: Outlook Express bug's "solution": use a synonym for "begin"!"

    By Joe Wilcox 
    Staff Writer, CNET News.com
    February 7, 2002, 7:05 AM PT
    Users of Microsoft Office on the Macintosh may find that their product
    serial number is a tool for hackers.
    Microsoft issued a security warning Wednesday saying that programmers
    with malicious intent could use Mac Office v. X's product identifier
    to shut down one or more copies of the application running on a
    network or connected to the Internet.
    Although the Redmond, Wash.-based software titan characterized the
    security threat as low, the timing and unusual nature of the
    problem--an exploit involving an anti-piracy mechanism--could give it
    another black eye. The company has taken a drubbing recently from
    analysts and customers for security glitches involving the Excel and
    PowerPoint applications, secure digital content, the Windows XP
    operating system, and the Internet Explorer browser, among other
    Those problems have prompted Microsoft to go beyond simply issuing
    warnings and patches. Last month, Chairman Bill Gates sent an e-mail
    to the company's 47,000 employees, urging them to make security a top
    priority. The company has even stopped product development for a month
    to conduct security education and a review of products.
    Office v. X, Microsoft's flagship product for Apple Computer's
    Macintosh, was released in November. With the new version, Microsoft
    introduced an anti-piracy mechanism that checks for duplicate serial
    numbers running on a network. The mechanism will not allow two copies
    of the product with the same serial number to run simultaneously on
    the same network.
    In the security notice, Microsoft described the problem as a "flaw" in
    the product identification checker, which "doesn't correctly handle a
    particular type of malformed announcement." When that happens, the
    feature fails, shutting down Mac Office.
    "An attacker could use this vulnerability to cause other users' Office
    applications to fail, with the loss of any unsaved data," Microsoft's
    security notice warned. "An attacker could craft and send this packet
    to a victim's machine directly, by using the machine's IP address. Or,
    he could send this same directive to a broadcast and multicast domain
    and attack all affected machines."
    Companies using standard firewall procedures could prevent problems
    from the outside, although malicious code could still get through by
    other means, such as an improperly configured wireless network.
    Microsoft emphasized that hackers could not create, delete or modify
    Office documents, although unsaved data would be lost during an
    unexpected shutdown. The company has issued a security patch to
    correct the problem.
    The vulnerability does not affect Office XP, which uses a different
    anti-piracy mechanism. Rather than check for serial numbers, Office XP
    uses a product activation feature. A person must activate the product,
    which essentially "locks" the software to the particular hardware
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 04:32:27 PST