Update: Microsoft patches Office 2003 lockout bug

It didn't extend digital certificates' expiration date; fix must be manually downloaded

Microsoft on Saturday fixed a bug that locked out Office 2003 users from accessing documents safeguarded with the company's rights management security technology.

Apparently, Microsoft forgot to extend the expiration date of the digital certificates used to control access to sensitive Office 2003 documents.

On Friday, Microsoft acknowledged the problem with Office 2003 and Rights Management Service (RMS) that had blocked users from opening or saving protected documents. By Saturday, the company had rushed a hotfix into place.

All Word, Excel, PowerPoint and Outlook documents from the Office 2003 suite that had been locked with RMS were unavailable as of Dec. 11, Microsoft said Friday night in a post to the Office Sustained Engineering blog.

Users saw the message, "Unexpected error occurred. Please try again later or contact your system administrator" when they tried to open or save RMS-protected documents.

The hotfix, which let users access the locked documents, must be downloaded manually, said Microsoft; the patch will not be pushed to users automatically via Windows Update.

According to Microsoft, the problem stemmed from the expiration of the digital certificates used to lock the RMS-protected documents. "Microsoft believed it was important to establish short-term expiration dates (in this case, seven years) for these certificates to allow us to re-evaluate and update IRM [Information Rights Management] capabilities based on new, more sophisticated encryption technology," a company spokeswoman said Monday.

But Microsoft neglected to update the certificates on schedule. "The original intent was to refresh and strengthen the certificate over time," the spokeswoman added. "We have not done a thorough post-mortem on this incident since we were very focused on fixing the problem. Looking ahead, we are exploring long-term solutions that will prevent something like this from happening again in the future," she said.

Documents created with Office 2007 or the public beta of Office 2010, then locked with RMS, were not affected by the gaffe, since their certificates are still valid.

The Technologizer site first reported the Office 2003 lock-out snafu on Friday afternoon.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter @gkeizer, send e-mail at gkeizer@ix.netcom.com or subscribe to Gregg's RSS feed .

6 tips for scaling up team collaboration tools
Shop Tech Products at Amazon