Microsoft apologizes to Corel, users for Office 2003 SP3 muck-up
It also offers downloads to ease unblocking of old file formats
Computerworld - Microsoft Corp. yesterday apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk. Microsoft also issued new tools to let users of Office 2003 SP3 unblock a host of barred file types.
In a posting to his own blog, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in attributing security problems to certain file formats, including the one used by CorelDraw.
"We stated that it was the file formats that were insecure, but this is actually not correct," LeBlanc said, referring to a description in a now-changed support document. "A file format isn't insecure -- it's the code that reads the format that's more or less secure. The parsers we use for these older formats aren't as robust as the code we've written more recently, which is part of our decision to disable them by default.
"Some of the formats blocked are from products built by companies other than Microsoft, and we apologize for implying that there were any problems in those companies' file formats," said LeBlanc. He did not specifically name Corel.
But it was Corel that publicly squawked when it realized Microsoft had blocked its .cdr file format -- still used by its CorelDraw graphics application -- in last September's Office 2003 Service Pack 3 update. "We didn't know where the issue was coming from," Gerard Metrallier, Corel's director of product management, graphics, said yesterday.
LeBlanc also echoed the mea culpa made Friday by Reed Shaffner, product manager for Office, who acknowledged that Microsoft had done a poor job communicating the changes to users, and had failed customers when it posted daunting work-arounds that required manual editing of the Windows registry.
"We also recognize that we have not made any of this as usable as we'd like, and we apologize that this hasn't been as well documented or as easy as you need it to be," LeBlanc said. "We did not provide an easy way for end users to change this behavior so they could open these older files." To make amends, Microsoft has posted several files on its Web site that automate registry changes.
Microsoft's rewritten Knowledge Base article also fingered the company's own code, not the file formats, as the security concern. "By default, these file types are blocked because the parsing code that Office 2003 uses to open and save the file types is less secure. Therefore, opening and saving these file types may pose a risk to you," the revision read. That was a change from the earlier version, which had claimed: "By default, these file formats are blocked because they are less secure. They may pose a risk to you."
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!