Microsoft Word file security flaw uncovered

Microsoft is again facing criticism from security experts after a researcher posted instructions for circumventing a password...

Microsoft is again facing criticism from security experts after a researcher posted instructions for circumventing a password feature in its Word software.

The feature is designed to protect the content of specific elements of Word documents, such as forms or comments, from reviewers. However, a user can find and erase the password for the feature by saving the Word document as an HTML file and then viewing it with a simple text editor, according to a security alert posted to the Bugtraq security newsgroup.

Microsoft introduced a number of security features in Word, Outlook and other products with the release of Office 2003 in October under the heading of "information rights management".

The features are based on Microsoft's Windows Rights Management Service technology, part of Windows Server 2003, and are designed to allow organisations to prevent digital content from being copied or modified without the author's knowledge.

The rights management features allow Word users to assign file permissions based on user roles, restrict printing and set expiry dates after which files cannot be opened.

Microsoft has acknowledged that the password feature is less secure than other security features, such as those allowing users to lock entire documents with a password.

( www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/office2000/reskit/ork2000/html/65t2_2.asp.)

Paul Roberts writes for IDG News Service

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close