Quantcast
Subscribe to magazine

Word Bug Can Permit Malicious Macros

Downloadable fix can swat bug that allows planting of potentially dangerous macros.

Sam Costello, IDG News Service

  • 0 Yes
  • 0 No

A flaw in several versions of Microsoft Word allows malicious macros to duck Word's security features and make possibly devastating changes to a PC.

The vulnerability affects Word 97, 2000, 2002, the Japanese version of Word 98, and Word for Macintosh 98 and 2001. Someone could exploit the vulnerability by performing what Microsoft calls "low-level editing" on a Word document to disguise the malicious macros and prevent Word's macro checker from detecting them, Microsoft officials acknowledge. A macro is a small script used to automate tasks, such as formatting.

Microsoft has posted a patch, along with a security bulletin, for this vulnerability. The flaw was discovered by Steven McLeod.

It is similar to another Word macro vulnerability discovered in May. Microsoft characterized that bug as "mild."

The earlier vulnerability occurred when a user opened an RTF file that referenced a template containing an embedded macro. The bug permitted the macro to run without warning the user, possibly making some changes to Word. It affected only Word 97 and later versions, and only certain RTF documents. Microsoft issued a patch for that bug as well.

Word Usually Watches Macros

Typically, Word alerts a user upon opening a document containing macros, and offers the option to run or disable them. Word also automatically checks for macros in any linked documents, including templates, within a document. But this bug disables that function, so a user wouldn't know that a malicious macro was present or had run. Such a macro could take any action that a user could, including changing or deleting files, contacting a Web site, disabling security settings, or even reformatting a hard drive, Microsoft says.

Users could access an affected Word document from a floppy disk, a Web page, or an attachment via e-mail.

Microsoft says this bug affects only Word, not other Office components. The Outlook Express security update, which is included with Word 2002, is protected from e-mail worms and would also protect users from a Word document with a malicious macro.

Macros have long been the province of annoying, but usually not terribly destructive, viruses.

  • Recommend this story?
  • 0 Yes
    0 No

With HP wireless printers, you could have printed this from any room in the house. Live wirelessly. Print wirelessly.

Related Software Articles

  • Sync 'Em 1.00 Released Derman Enterprises has announced the release of Sync 'Em 1.00, a new "sync hub" for Mac OS X. It costs US$14.95 for a license...
  • When in Doubt, Consider the Customer Getting customers is one thing; retaining them is another. Now is a great time to rethink your customer service strategy.
  • Open-Source Drupal Turns Pro Acquia's strengthened and supported distribution of the open source content manager smooths the path to a trouble-free Drupal Web site.
  • Flex-Time: Want a Four-Day Workweek? IT is Key All companies look to cut costs during an economic recession: A one-year trial of a four-day work week for the state of Utah is predicted to save $3 million. And it saves employees commuting costs as well.
  • How to Fix Drop Box Permissions Issues in 10.5 If you have multiple Macs in your home, and you're running OS X 10.5, you may run into a permissions problem with each user's...
More Related Software Articles
  • Web Demo: Discover the Benefits of VoIP Is your company looking for a world class VoIP communications solution that will meet all of your business requirements? If so, join us for our Live Online Demo where you will receive a "guided tour" to the AltiGen Solution.
  • PC World Webcast: Going Green Wondering how to make your business greener? These tips will help your business save money, and save the environment.
  • A Windows Vista FAQ Corporate customers are deploying Windows Vista now, and Dell Services wants to help you understand the features of the new OS and how to plan your Windows Vista deployment.

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)