Microsoft offers quick fix for Mac Office 2008 bug

Computerworld - Microsoft Corp.'s Macintosh group has come up with a work-around to fix bungled installations of the new Office for Mac 2008.

The move followed reports earlier this week that Microsoft's newest suite incorrectly assigned full read and write access to a nonadministrative user if the Mac is set up with multiple accounts, as are most machines used in business. That could be a security problem for some shops, since IT administrators regularly lock down client systems to stymie attacks and prevent accidental changes by sloppy users.

Joel Bruner, the Chicago-based Mac consultant who first noticed the screw-up, said in an interview yesterday that a fix should be straightforward for Microsoft and that it is necessary.

"This isn't fatal," he said, "but the [IT] administrator who installs Office should own these files, not the regular user." One danger is that malware targeting Office 2008-equipped Macs could use the wrong-owner bug to hide its files in the Office directories or even swap out Office files for malicious code.

While that's not extremely likely, it's not impossible. "There's not a lot of malware for Mac OS X ... yet," said Bruner.

"This will be corrected in a future update," Geoff Price, product director of Microsoft's Mac Business Unit, confirmed in an e-mail today. "In the meantime, we're providing the following work-around that an admin can run on their Office 2008 install which will fix ownership permission issues. The person running the command needs to be an admin on the machine."

• Launch the Terminal application from the /Applications/Utilities folder
• Type the following command as one line and press return:
  /usr/bin/sudo /usr/sbin/chown -h -R root:admin "/Applications/Microsoft Office 2008" "/Library/Automator" "/Library/Fonts/Microsoft" "/Library/Application Support/Microsoft"
• Enter administrator password when prompted

Read more about security in Computerworld's Security Knowledge Center.