This article originally appeared in TidBITS on 2002-02-11 at 12:00 p.m.
The permanent URL for this article is: http://db.tidbits.com/article/6712

Patch Office X for Network Vulnerability

by Adam C. Engst

Patch Office X for Network Vulnerability -- Microsoft has released a Network Security Updater for Microsoft Office X that eliminates a network vulnerability made possible by a flaw in the application suite's network-aware anti-piracy mechanism. Office X checks to make sure that every copy running on the network is using a unique product identifier (PID); if an Office application detects a duplicate, it shuts down. As discovered by Marty Schoch, the problem is that the checking code doesn't correctly handle a malformed PID announcement, causing the first Office application launched to crash, with the possible loss of data. So although someone could cause Office applications to crash by sending malformed PID announcements, there is no possibility that data could be created, deleted, or modified. For full details, see Microsoft Security Bulletin MS02-002. [ACE]

<http://www.microsoft.com/mac/DOWNLOAD/OFFICEX/NetworkUpdater.asp>
<http://www.microsoft.com/mac/officex/>
<http://www.microsoft.com/technet/security/bulletin/MS02-002.asp>