Mac Office vulnerable, Microsoft warns

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1001-831539.html

By Joe Wilcox 
Staff Writer, CNET News.com
February 7, 2002, 7:05 AM PT

Users of Microsoft Office on the Macintosh may find that their product
serial number is a tool for hackers.

Microsoft issued a security warning Wednesday saying that programmers
with malicious intent could use Mac Office v. X's product identifier
to shut down one or more copies of the application running on a
network or connected to the Internet.

Although the Redmond, Wash.-based software titan characterized the
security threat as low, the timing and unusual nature of the
problem--an exploit involving an anti-piracy mechanism--could give it
another black eye. The company has taken a drubbing recently from
analysts and customers for security glitches involving the Excel and
PowerPoint applications, secure digital content, the Windows XP
operating system, and the Internet Explorer browser, among other
products.

Those problems have prompted Microsoft to go beyond simply issuing
warnings and patches. Last month, Chairman Bill Gates sent an e-mail
to the company's 47,000 employees, urging them to make security a top
priority. The company has even stopped product development for a month
to conduct security education and a review of products.

Office v. X, Microsoft's flagship product for Apple Computer's
Macintosh, was released in November. With the new version, Microsoft
introduced an anti-piracy mechanism that checks for duplicate serial
numbers running on a network. The mechanism will not allow two copies
of the product with the same serial number to run simultaneously on
the same network.

In the security notice, Microsoft described the problem as a "flaw" in
the product identification checker, which "doesn't correctly handle a
particular type of malformed announcement." When that happens, the
feature fails, shutting down Mac Office.

"An attacker could use this vulnerability to cause other users' Office
applications to fail, with the loss of any unsaved data," Microsoft's
security notice warned. "An attacker could craft and send this packet
to a victim's machine directly, by using the machine's IP address. Or,
he could send this same directive to a broadcast and multicast domain
and attack all affected machines."

Companies using standard firewall procedures could prevent problems
from the outside, although malicious code could still get through by
other means, such as an improperly configured wireless network.

Microsoft emphasized that hackers could not create, delete or modify
Office documents, although unsaved data would be lost during an
unexpected shutdown. The company has issued a security patch to
correct the problem.

The vulnerability does not affect Office XP, which uses a different
anti-piracy mechanism. Rather than check for serial numbers, Office XP
uses a product activation feature. A person must activate the product,
which essentially "locks" the software to the particular hardware
configuration.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.