Microsoft offers quick fix for Mac Office 2008 bug
The work-around uses Terminal to fix Office file-access permissions
The move followed reports earlier this week that Microsoft's newest suite incorrectly assigned full read and write access to a nonadministrative user if the Mac is set up with multiple accounts, as are most machines used in business. That could be a security problem for some shops, since IT administrators regularly lock down client systems to stymie attacks and prevent accidental changes by sloppy users.
Joel Bruner, the Chicago-based Mac consultant who first noticed the screw-up, said in an interview yesterday that a fix should be straightforward for Microsoft and that it is necessary.
"This isn't fatal," he said, "but the [IT] administrator who installs Office should own these files, not the regular user." One danger is that malware targeting Office 2008-equipped Macs could use the wrong-owner bug to hide its files in the Office directories or even swap out Office files for malicious code.
While that's not extremely likely, it's not impossible. "There's not a lot of malware for Mac OS X ... yet," said Bruner.
"This will be corrected in a future update," Geoff Price, product director of Microsoft's Mac Business Unit, confirmed in an e-mail today. "In the meantime, we're providing the following work-around that an admin can run on their Office 2008 install which will fix ownership permission issues. The person running the command needs to be an admin on the machine."
- Launch the Terminal application from the /Applications/Utilities folder
- Type the following command as one line and press return:
/usr/bin/sudo /usr/sbin/chown -h -R root:admin "/Applications/Microsoft Office 2008" "/Library/Automator" "/Library/Fonts/Microsoft" "/Library/Application Support/Microsoft"
- Enter administrator password when prompted
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts