Antipiracy tool leads to DoS in Office for Mac

A security vulnerability in an antipiracy tool included in Microsoft Corp.'s Office v. X for the Macintosh can allow an attacker to crash applications in Office, Microsoft said in a bug alert Thursday. The company has released a patch to fix the problem.

The vulnerability is in the Network Product Identification Checker component of Office v. X, a tool which checks the local network that the copy of Office is running on for other copies using the same Product Identifier (PID), a number similar to a serial number, Microsoft said. Each copy of Office v. X periodically "announces" its PID to the network and if two copies of Office v. X on a single network share the same PID, the application shuts down.

When a specially formulated announcement is sent to a machine or over the network, the Network PID Check component incorrectly handles it and can cause Office v. X to crash, the company said. When such a specially formulated packet is sent, only the first application opened after Office is launched will crash, though unsaved data could be lost, Microsoft said. The attack could be directed against a single machine, using its IP (Internet Protocol) address, or against an entire local network, the company added.

The attack can be blocked, Microsoft said, by stopping certain kinds of traffic at the firewall and applying the patch. The attack has no further impact beyond crashing Office, Microsoft said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sam Costello

PC World
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?