Security Flaw Found in Microsoft Word

Instructions for exploiting a password hole have been posted online.

Paul Roberts,
IDG News Service
Thursday, January 08, 2004

Once again Microsoft is facing criticism from security experts, this time for a security flaw found in Microsoft Word. The flaw was publicized when a researcher posted instructions for circumventing a password feature in the popular word processing program.

The password feature is designed to protect the content of specific elements of Word documents, such as forms or comments, from reviewers.

However, a user can find and erase the password for the feature by saving the Word document as an HTML file and then viewing it with a simple text editor, according to a security alert posted Saturday to the Bugtraq security newsgroup.


New and Improved?
Microsoft introduced a number of new security features in Word, Outlook, and other products with the release of Office 2003 in October, under the heading of information rights management.

The features are based on Microsoft's Windows Rights Management Service technology, part of Windows Server 2003, and are designed to allow organizations to prevent digital content from being copied or modified without the author's knowledge.

The new rights-management features allow Word users to assign file permissions based on user roles, restrict printing, and set expiration dates after which files cannot be opened.

Microsoft acknowledges on its Web site that the password feature in question is less secure than other security features, such as those allowing users to lock entire documents with a password.

More at PCWorld