Microsoft apologizes to Corel, users for Office 2003 SP3 muck-up
It also offers downloads to ease unblocking of old file formats
Computerworld - Microsoft Corp. yesterday apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk. Microsoft also issued new tools to let users of Office 2003 SP3 unblock a host of barred file types.
In a posting to his own blog, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in attributing security problems to certain file formats, including the one used by CorelDraw.
"We stated that it was the file formats that were insecure, but this is actually not correct," LeBlanc said, referring to a description in a now-changed support document. "A file format isn't insecure -- it's the code that reads the format that's more or less secure. The parsers we use for these older formats aren't as robust as the code we've written more recently, which is part of our decision to disable them by default.
"Some of the formats blocked are from products built by companies other than Microsoft, and we apologize for implying that there were any problems in those companies' file formats," said LeBlanc. He did not specifically name Corel.
But it was Corel that publicly squawked when it realized Microsoft had blocked its .cdr file format -- still used by its CorelDraw graphics application -- in last September's Office 2003 Service Pack 3 update. "We didn't know where the issue was coming from," Gerard Metrallier, Corel's director of product management, graphics, said yesterday.
LeBlanc also echoed the mea culpa made Friday by Reed Shaffner, product manager for Office, who acknowledged that Microsoft had done a poor job communicating the changes to users, and had failed customers when it posted daunting work-arounds that required manual editing of the Windows registry.
"We also recognize that we have not made any of this as usable as we'd like, and we apologize that this hasn't been as well documented or as easy as you need it to be," LeBlanc said. "We did not provide an easy way for end users to change this behavior so they could open these older files." To make amends, Microsoft has posted several files on its Web site that automate registry changes.
Microsoft's rewritten Knowledge Base article also fingered the company's own code, not the file formats, as the security concern. "By default, these file types are blocked because the parsing code that Office 2003 uses to open and save the file types is less secure. Therefore, opening and saving these file types may pose a risk to you," the revision read. That was a change from the earlier version, which had claimed: "By default, these file formats are blocked because they are less secure. They may pose a risk to you."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts