Microsoft has issued a security bulletin (and program patch) about a flaw that lets macros automatically execute in Word (versions 97 through 2002) documents. The potential for hacker mayhem is significant.
In typical use, Word's security mechanism guards against automatically running macros. In Word 97, for example, a pop-up window appears whenever Word opens a file and discovers a macro if that's the security setting you've chosen.
Here's how Microsoft describes it: "By default in Word 2000 and 2002, only macros that are signed by a trusted party are enabled; all others are disabled. In Word 97, if the document contains macros, the user is prompted regarding whether to enable them or disable them."
Unfortunately, it turns out that it is possible to modify a Word document so the security scanner won't recognize an embedded macro -- and lets the macro execute no matter what. (Microsoft doesn't give any details about what that modification is.) Given the power of the macro language, that's a huge security hole.
The company has posted patches for Word (for both Windows and the Mac) at:
While we don't know how widely such hacked files may be circulating, we suggest you apply the fix right away.
No comments:
Post a Comment