Microsoft offers quick fix for Mac Office 2008 bug
The work-around uses Terminal to fix Office file-access permissions
The move followed reports earlier this week that Microsoft's newest suite incorrectly assigned full read and write access to a nonadministrative user if the Mac is set up with multiple accounts, as are most machines used in business. That could be a security problem for some shops, since IT administrators regularly lock down client systems to stymie attacks and prevent accidental changes by sloppy users.
Joel Bruner, the Chicago-based Mac consultant who first noticed the screw-up, said in an interview yesterday that a fix should be straightforward for Microsoft and that it is necessary.
"This isn't fatal," he said, "but the [IT] administrator who installs Office should own these files, not the regular user." One danger is that malware targeting Office 2008-equipped Macs could use the wrong-owner bug to hide its files in the Office directories or even swap out Office files for malicious code.
While that's not extremely likely, it's not impossible. "There's not a lot of malware for Mac OS X ... yet," said Bruner.
"This will be corrected in a future update," Geoff Price, product director of Microsoft's Mac Business Unit, confirmed in an e-mail today. "In the meantime, we're providing the following work-around that an admin can run on their Office 2008 install which will fix ownership permission issues. The person running the command needs to be an admin on the machine."
- Launch the Terminal application from the /Applications/Utilities folder
- Type the following command as one line and press return:
/usr/bin/sudo /usr/sbin/chown -h -R root:admin "/Applications/Microsoft Office 2008" "/Library/Automator" "/Library/Fonts/Microsoft" "/Library/Application Support/Microsoft"
- Enter administrator password when prompted
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts