updated 02:00 pm EST, Fri January 25, 2008
Office 2008 security hole
Microsoft Office 2008 for Mac allegedly ships with improper permissions handling, installing files under user 502, which is a common user ID, rather than the 501 administrator account. According to blogger Brunerd, this issue makes it easier for large-scale deployments to occur, but can be a huge hassle for IT specialists, and a security risk for users. In large office environment, an IT team usually handles software installs and modifications of software, so by placing control over file integrity in the hands of a standard user account, the software could easily be removed or broken by an ignorant user.
The problem files primarily sit within the main Library folder, although the suite’s application folder itself is also flawed. This could potentially leave a hole wide open for malicious users to exploit.
Brunerd cautions users that wish to manually edit Office’s permissions, saying that the suite’s receipt files must be eliminated. Otherwise, utilities like Apple’s Disk Utility or Alsoft’s DiskWarrior will return the values to their former state when performing a permissions repair.