Thursday, January 08, 2004

ZDNet UK - News - 'Unfixable' Word password hole exposed

ZDNet UK - News - 'Unfixable' Word password hole exposed: "Microsoft Word documents that use the software's built-in password protection to avoid unauthorised editing can easily be modified using a relatively simple hack that was published on a security Web site last Friday."
...
Following Delbrouck's revelations, Microsoft updated its Knowledge Base article 822924, titled "Overview of Office features that are intended to enable collaboration and that are not intended to increase security" to include the following warning to users: "When you are using the 'Password to Modify' feature, a malicious user may still be able to gain access to your password."

Ahh -- the new placebo password feature...

(Thanks to Irwin Lazar for the pointer)

No comments: