A simple hack to Word’s password-protection feature means documents may not be as secure as users believe. No fix is on the way, says Microsoft. Microsoft Word documents that use the software’s built-in password protection to avoid unauthorised editing can easily be modified using a relatively simple hack that was published on a security Web site last Friday. The password-protection feature in Microsoft Word — activated by clicking on Tools/Protect Document — can be bypassed, disabled or deleted at will, with the help of a simple programming tool called a hex editor. The hack does not leave a trace, meaning an unauthorised user could remove the password protection from a document, edit it, and then replace the original password. Microsoft was informed about the vulnerability in late November by Thorsten Delbrouck, chief information officer of Guardeonic Solutions, which is a subsidiary of German security specialist Infineon Technologies. In early December, Microsoft denied there was a problem because, the company said, the password-protection feature is not intended to provide “fool-proof protection for tampering or spoofing” but is “merely a functionality to prevent accidental changes of a document”. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.