Microsoft Word documents that use the software's built-in password
protection to avoid unauthorized editing can easily be modified using a relatively simple hack that was recently published on a security Web site.
Known as the Password to Modify feature, the password-protection
mechanism in Microsoft Word can be bypassed, disabled or deleted with the help of a simple programming tool called a hex editor. The hack does not leave a trace, meaning an unauthorized user could remove the password protection from a document, edit it and replace the original password.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.
Microsoft was informed about the vulnerability in late November by
Thorsten Delbrouck, chief information officer of Guardeonic Solutions, which is a subsidiary of German security specialist Infineon Technologies.
In a Knowledge Base article published in early December, Microsoft
denied there was a problem because, the company said, the
password-protection feature is not intended to provide "fool-proof
protection for tampering or spoofing," but is "merely a functionality to prevent accidental changes of a document."
"(When) you use the Password to Modify feature, the feature is
functioning as intended even when a user with malicious intent bypasses the feature," . "The behavior occurs because the feature was never designed to protect your document or file from a user with malicious intent."
The software giant recommends that users who want to secure their
documents use the Password to Open feature.
However, Microsoft's assertions were questioned by Delbrouck, who said the feature poses serious legal implications for companies. He explained that one of his company's hardware suppliers is Dell, which e-mails its quotes on a protected Word document. What happens, asked Delbrouck, if Dell sends him an offer, he uses the hack to modify the offer in his favor, then signs it and faxes it back?
"We would probably end up in court and an expert would probably look at the original document and say, 'this document is protected by a password that the customer could not have known. It has not been modified because the protection is still active and the document still has its original password,'" Delbrouck said.
Following Delbrouck's revelations, which were posted Friday, Microsoft updated its Knowledge Base article to include the following warning: "When you are using the 'Password to Modify' feature, a malicious user may still be able to gain access to your password."
Delbrouck said there is no solution to the problem. Instead of using the protect feature, he advises companies sending sensitive information to use digital signatures or a different document format altogether, such as Adobe's PDF, which he has recommended to Dell in Germany.
David Bennie, Microsoft UK's Office product marketing manager, told
ZDNet UK that although Word's password protection is useful for
collaborating with colleagues, it is not a security feature and should not be relied upon as such.
"If (users) are using it as a security feature, then that is not
correct," Bennie said. He agreed that if a company wants to transport
documents securely, it should either use digital certificates or an
application such as Adobe Acrobat that can "lock down" the document.
"If you are looking for secure encryption, you should not be using this feature. We have lots of customers out there using password protection, but the reason they are doing that is to stop general users changing the text or whatever--and it works perfectly well for that," Bennie said.
However, Delbrouck countered that Microsoft is attempting to play down the problem because it cannot be fixed. "I doubt there is much they can do about it, because they have to be backward-compatible with their file format, which keeps changing," he said. "I think the only possible solution for them was to play down the problem."
Munir Kotadia of ZDNet UK reported from London. CNET News.com's Robert Lemos reported from San Francisco.