Bug discovered in Office for Mac

Microsoft has announced a bug alert for Office v. X for the Macintosh. The security vulnerability in an anti-piracy tool allows...

Microsoft has announced a bug alert for Office v. X for the Macintosh. The security vulnerability in an anti-piracy tool allows an attacker to crash applications in Office. The company has released a patch to fix the problem.

The vulnerability is in the Network Product Identification Checker component of Office v. X, a tool which checks the local network that the copy of Office is running on for other copies using the same product identifier (PID), a number similar to a serial number. Each copy of Office v. X periodically "announces" its PID to the network and if two copies of Office v. X on a single network share the same PID, the application shuts down.

When a specially formulated announcement is sent to a machine or over the network, the Network PID check component incorrectly handles it and can cause Office v. X to crash, Microsoft said. When such a specially formulated packet is sent, only the first application opened after Office is launched will crash, though unsaved data could be lost. The attack could be directed against a single machine, using its IP address, or against an entire local network, the company added.

However the attack can be blocked by stopping certain kinds of traffic at a firewall and applying the patch. The attack has no further impact beyond crashing Office, Microsoft said.

Read more on Business applications

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close