Posted on 09/12/2002 2:23:01 PM PDT by WASH
WASHINGTON, D.C. - Microsoft's flagship word processor has a security flaw that could allow the theft of computer files by "bugging" a document with a hidden code, the company disclosed Thursday. It was exploring how to fix the problem and whether to extend the repair to an older version of the software still used by millions.
The attack begins when a bugged document goes out, usually with a request to be revised and returned to the sender -- a common form of daily communication. When the document is changed and sent back, the targeted file accompanies it.
"It has the potential of allowing people to get at data that they are explicitly not allowed to get to," said Woody Leonhard, who has written books on Microsoft's Word and Office software.
The flaw would most likely occur in the workplace, where Word is the most prominent word processing program. Potential targets for theft are sensitive legal contracts, payroll records or e-mails, either from a hard drive or computer network, depending on the victim's access to files.
"The issue appears to affect all versions of Microsoft Word," Microsoft said in a statement in response to questions by The Associated Press. "When the investigation is completed, we will take the action that best serves Microsoft's customers."
Word 97, an earlier version of the program, is most susceptible to the attack. But Word 97 will not be repaired because Microsoft no longer provides support it, the company said.
A research firm reported in May that about 32 percent of offices have copies of Word 97 running, according to a survey of 1,500 high-tech managers worldwide.
(Excerpt) Read more at nwcn.com ...
Isn't that special?! 1/3 of offices are still getting a return from their investment in Word 97, and apparently have little or no need for any support from Microsoft. That is, until this nasty security hole was "discovered."
Cha-ching!
I guess that's one way to squeeze upgrade fees out of some of those stubborn, penny-pinching late-adopters...
MS may be forced to fix Word 97 if enough people complain about it. If your interest is mainly just document processing, then there's really no reason to upgrade it into the bloatware of the last two versions.
Norton Antivirus can be set to screen incoming email, and will detect macro-viruses.
The company said it will definitely repair the problem only for owners of the most recent versions of the software.
That decision -- still left largely up in the air by Microsoft engineers -- may leave millions of users of Word 97 without a fix. All versions of Word are susceptible to the flaw, but the problem is most severe in Word 97.
"It's incredible to me that Microsoft would turn its back on Word 97 users," said Woody Leonhard, who has written books on Microsoft's Word and Office software. "They bought the package with and its ability to protect them from this kind of exploit."
There are risks when you become dependent on any particular single-sourced software tool. The End User License Agreement disclaims that the program will even work for you. And the vendor has apparently dropped all support.
These folks are screwed. Too bad. Time to upgrade. Be sure to shop around next time.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.