News

New Holes Discovered In Office 97 Apps

Recently, two security vulnerabilities were discovered in Microsoft Word 97 and Microsoft Forms version 2.0 ActiveX Control, a Visual Basic for Applications (VBA) component of Office 97 and other VBA apps. The Redmond, Wash.-based company has been forthcoming in not only announcing the potential holes but patching them up.

Microsoft reports the vulnerabilities could be used by crackers to run malicious code on a user's machine without warning. The patch for the Word hole is on the company's Web site as is the one for Microsoft Forms.

Word 97 warns users when opening a document that contains macros, but Microsoft says that if that document does not contain macros but is linked to a template that does, no warning is issued. The company says a cracker could exploit this vulnerability by causing malicious code to be run without warning when a user opens a Word document attached to e-mail or on a Web-site. After installing Microsoft's patch, users will be warned before they launch a template that contains macros on templates.

A cracker could also use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a Web site set up by the cracker or opens an HTML-based e-mail created by a cracker. The patch prevents a cracker from exploiting the identified vulnerability, while not losing functionality of the Forms 2.0 Control.

In early December, Microsoft discovered similar vulnerabilities in Excel 97 that allowed crackers to exploit a user's desktop through simple HTML. Just like now, Microsoft sent out mass e-mails, informed the Computer Emergency Response Team (CERT) and posted a patch on its Web site. -- Brian Ploskina, Assistant Editor

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.