http://news.com.com/2100-1001-831539.html By Joe Wilcox Staff Writer, CNET News.com February 7, 2002, 7:05 AM PT Users of Microsoft Office on the Macintosh may find that their product serial number is a tool for hackers. Microsoft issued a security warning Wednesday saying that programmers with malicious intent could use Mac Office v. X's product identifier to shut down one or more copies of the application running on a network or connected to the Internet. Although the Redmond, Wash.-based software titan characterized the security threat as low, the timing and unusual nature of the problem--an exploit involving an anti-piracy mechanism--could give it another black eye. The company has taken a drubbing recently from analysts and customers for security glitches involving the Excel and PowerPoint applications, secure digital content, the Windows XP operating system, and the Internet Explorer browser, among other products. Those problems have prompted Microsoft to go beyond simply issuing warnings and patches. Last month, Chairman Bill Gates sent an e-mail to the company's 47,000 employees, urging them to make security a top priority. The company has even stopped product development for a month to conduct security education and a review of products. Office v. X, Microsoft's flagship product for Apple Computer's Macintosh, was released in November. With the new version, Microsoft introduced an anti-piracy mechanism that checks for duplicate serial numbers running on a network. The mechanism will not allow two copies of the product with the same serial number to run simultaneously on the same network. In the security notice, Microsoft described the problem as a "flaw" in the product identification checker, which "doesn't correctly handle a particular type of malformed announcement." When that happens, the feature fails, shutting down Mac Office. "An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data," Microsoft's security notice warned. "An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines." Companies using standard firewall procedures could prevent problems from the outside, although malicious code could still get through by other means, such as an improperly configured wireless network. Microsoft emphasized that hackers could not create, delete or modify Office documents, although unsaved data would be lost during an unexpected shutdown. The company has issued a security patch to correct the problem. The vulnerability does not affect Office XP, which uses a different anti-piracy mechanism. Rather than check for serial numbers, Office XP uses a product activation feature. A person must activate the product, which essentially "locks" the software to the particular hardware configuration. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 04:32:27 PST