Computerworld - Microsoft Corp.'s Macintosh group has come up with a work-around to fix bungled installations of the new Office for Mac 2008.
The move followed reports earlier this week that Microsoft's newest suite incorrectly assigned full read and write access to a nonadministrative user if the Mac is set up with multiple accounts, as are most machines used in business. That could be a security problem for some shops, since IT administrators regularly lock down client systems to stymie attacks and prevent accidental changes by sloppy users.
Joel Bruner, the Chicago-based Mac consultant who first noticed the screw-up, said in an interview yesterday that a fix should be straightforward for Microsoft and that it is necessary.
"This isn't fatal," he said, "but the [IT] administrator who installs Office should own these files, not the regular user." One danger is that malware targeting Office 2008-equipped Macs could use the wrong-owner bug to hide its files in the Office directories or even swap out Office files for malicious code.
While that's not extremely likely, it's not impossible. "There's not a lot of malware for Mac OS X ... yet," said Bruner.
"This will be corrected in a future update," Geoff Price, product director of Microsoft's Mac Business Unit, confirmed in an e-mail today. "In the meantime, we're providing the following work-around that an admin can run on their Office 2008 install which will fix ownership permission issues. The person running the command needs to be an admin on the machine."
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
