Microsoft offers quick fix for Mac Office 2008 bug
The work-around uses Terminal to fix Office file-access permissions
The move followed reports earlier this week that Microsoft's newest suite incorrectly assigned full read and write access to a nonadministrative user if the Mac is set up with multiple accounts, as are most machines used in business. That could be a security problem for some shops, since IT administrators regularly lock down client systems to stymie attacks and prevent accidental changes by sloppy users.
Joel Bruner, the Chicago-based Mac consultant who first noticed the screw-up, said in an interview yesterday that a fix should be straightforward for Microsoft and that it is necessary.
"This isn't fatal," he said, "but the [IT] administrator who installs Office should own these files, not the regular user." One danger is that malware targeting Office 2008-equipped Macs could use the wrong-owner bug to hide its files in the Office directories or even swap out Office files for malicious code.
While that's not extremely likely, it's not impossible. "There's not a lot of malware for Mac OS X ... yet," said Bruner.
"This will be corrected in a future update," Geoff Price, product director of Microsoft's Mac Business Unit, confirmed in an e-mail today. "In the meantime, we're providing the following work-around that an admin can run on their Office 2008 install which will fix ownership permission issues. The person running the command needs to be an admin on the machine."
- Launch the Terminal application from the /Applications/Utilities folder
- Type the following command as one line and press return:
/usr/bin/sudo /usr/sbin/chown -h -R root:admin "/Applications/Microsoft Office 2008" "/Library/Automator" "/Library/Fonts/Microsoft" "/Library/Application Support/Microsoft"
- Enter administrator password when prompted
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!