MS anti-piracy feature trips up Office for Mac

Ironic, but low-risk, security flaw

By John Leyden • Get more from this author

Posted in Business, 8th February 2002 15:08 GMT

Tune into our application security webcast, click here

An anti-piracy feature in Microsoft Office for Mac has been linked to a denial of service risk, prompting Microsoft to issue a security fix.

A feature of the Office v. X software suite, called the Network Product Identification (PID) Checker, detects multiple copies of Office using the same product identifier running on a local network. If a duplicate PID is detected, Office shuts down.

However the software contains a flaw which means that the Network PID Checker doesn't correctly handle a particular type of malformed announcement. This will cause the process to crash, bringing the first loaded application down with it.

In a security notice, Microsoft said; "An attacker could use this vulnerability to cause other users' Office applications to fail, with the loss of any unsaved data.

"An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines," it adds.

Any properly configured firewall should block such a malformed request sent over the Internet, and broadcast and multicast traffic should also be restricted on a properly set up network. This, along with the fact the vulnerability can't be used to modify data or crash other applications running on a machine, restricts its seriousness.

Microsoft categorises the vulnerability as low risk and has issued a patch for Microsoft Office v. X that fixes the glitch. ®