Microsoft Word documents that use the software’s built-in password protection to avoid unauthorised editing can easily be modified using a relatively simple hack that was published on a security website last Friday.<\/p>\n","protected":false},"excerpt":{"rendered":"
The password-protection feature in Microsoft Word – activated by clicking on Tools\/Protect Document – can be bypassed, disabled or deleted at will, with the help of a simple programming tool called a hex editor.<\/p>\n
Microsoft was informed about the vulnerability in late November by Thorsten Delbrouck, chief information officer of Guardeonic Solutions, which is a subsidiary of German security specialist Infineon Technologies. He explained that one of his company’s hardware suppliers is Dell, which emails its quotes on a form protected-Word document.<\/p>\n
Following Delbrouck’s revelations, Microsoft updated its Knowledge Base article 822924, titled ‘Overview of Office features that are intended to enable collaboration and that are not intended to increase security’ to include the following warning to users: “When you are using the ‘Password to Modify’ feature, a malicious user may still be able to gain access to your password.”<\/p>\n
Instead of using the protect feature, Thorsten Delbrouck advises companies sending sensitive information to use digital signatures or a different document format altogether, such as Adobe’s PDF, which he has recommended to Dell in Germany.<\/p>\n
More info: [url=http:\/\/www.silicon.com\/hardware\/desktops\/0,39024645,39117653,00.htm?foo=Word%20hole%20exposed%20with%20no%20fix%20on%20the%20way%2001-07-2004]http:\/\/www.silicon.com\/hardware\/desktops\/0,39024645,39117653,00.htm?foo=Word%20hole%20exposed%20with%20no%20fix%20on%20the%20way%2001-07-2004[\/url]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2326","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2326"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2326\/revisions"}],"predecessor-version":[{"id":4813,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2326\/revisions\/4813"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}