DIY security fix for Office 2008

Stephen Withers
Tuesday, 29 January 2008 00:48

Your IT - Home IT

An Office 2008 installer error results in the suite's files being owned by the wrong user, but Microsoft has offered a manual fix until an update can be delivered.

The fix was described in Mac Mojo, the Office for Mac team blog. It requires the user to enter a pair of fairly lengthy Terminal commands to change the permissions and ownership of four folders and their contents.

The length of these commands mean they are wrapped across several lines on the web page, so one of the easiest ways of entering them correctly is to copy and paste them into TextEdit so the line breaks can be removed before copying and pasting the edited commands into Terminal.

The operation should be carried out from an account with administrator privileges.

Microsoft is working on an Office 2008 update to automate the process, which will be available via the Microsoft AutoUpdate utility and from the company's web site. That update had not been released at the time of writing.

Presumably the problem also will be corrected on future batches of the Office 2008 DVD.

The security risk presented by this error is minor, as the only account that has unwanted levels of access to the affected directories is the second user created on that system. One possible risk arises because even where just one person will be using a Mac, there is a recommendation that they create a second, non-administrator account for everyday use to mitigate potential risks associated with malware. There could be room for someone to exploit this situation to inject malicious code into one or more of Office's executable files.