News

New Holes Discovered In Office 97 Apps

Recently, two security vulnerabilities were discovered in Microsoft Word 97 and Microsoft Forms version 2.0 ActiveX Control, a Visual Basic for Applications (VBA) component of Office 97 and other VBA apps. The Redmond, Wash.-based company has been forthcoming in not only announcing the potential holes but patching them up.

Microsoft reports the vulnerabilities could be used by crackers to run malicious code on a user's machine without warning. The patch for the Word hole is on the company's Web site as is the one for Microsoft Forms.

Word 97 warns users when opening a document that contains macros, but Microsoft says that if that document does not contain macros but is linked to a template that does, no warning is issued. The company says a cracker could exploit this vulnerability by causing malicious code to be run without warning when a user opens a Word document attached to e-mail or on a Web-site. After installing Microsoft's patch, users will be warned before they launch a template that contains macros on templates.

A cracker could also use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a Web site set up by the cracker or opens an HTML-based e-mail created by a cracker. The patch prevents a cracker from exploiting the identified vulnerability, while not losing functionality of the Forms 2.0 Control.

In early December, Microsoft discovered similar vulnerabilities in Excel 97 that allowed crackers to exploit a user's desktop through simple HTML. Just like now, Microsoft sent out mass e-mails, informed the Computer Emergency Response Team (CERT) and posted a patch on its Web site. -- Brian Ploskina, Assistant Editor

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Highlights Emerging Kubernetes Scalability and Governance Efforts

    Microsoft this week highlighted some emerging efforts to improve both the scalability and governance of the open source Kubernetes container orchestration service.

  • Microsoft Ending Azure Container Service Support in 2020

    Microsoft gave notice earlier this month that it will be ending its Azure Container Service on Jan. 31, 2020.

  • Microsoft Releases Surface Diagnostic Toolkit for Business

    Microsoft released a new tool, Surface Diagnostic Toolkit for Business, earlier this month, providing a means for IT pros to find and troubleshoot problems on Microsoft Surface devices.

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.