Microsoft investigates flaw in Word

September 13, 2002

Microsoft is investigating a security hole in Word. It says the flaw could allow the theft of computer files by "bugging" a document with a hidden code.

Redmond-based software giant is exploring how to patch the hole and whether to extend the repair to an older version of the software still used by millions.

The attack begins when a specially crafted bugged document goes out, typically with a request to be revised and returned to the sender — a common form of daily communication. When the document is changed and sent back, the targeted file accompanies it.

The flaw could probably be exploited in the workplace, where MS Word is the most well known word processing software. Likely targets for stealing are sensitive legal contracts, payroll records or e-mails, either from a hard drive or computer network, depending on the victim's access to files.

Microsoft said in a statement: "The issue appears to affect all versions of Microsoft Word. When the investigation is completed, we will take the action that best serves Microsoft's customers."

However it appears that an old incarnation - Word 97 - is most susceptible. Microsoft said it is its policy to no longer repair Word 97, but said the company is still exploring the issue.

A research firm reported in May that about 32% of offices have copies of Word 97 running.