Microsoft has released Network Security Updater, a patch for Office X that’s designed to overcome a problem in which a “malformed” network request can cause the application to fail.
Office X contains a network-aware anti-piracy mechanism that detects multiple copies of Office using the same product identifier (PID) running on the local network. It seems that this feature, called the Network Product Identification (PID) Checker, announces Office’s own unique product ID and listens for other announcements at regular intervals. If a duplicate PID is detected, Office shuts down.
A security vulnerability results from a flaw in the Network PID Checker, according to Microsoft. Specifically, the Network PID Checker doesn’t correctly handle a particular type of malformed announcement; receiving one causes the Network PID Checker to fail. When the Network PID Checker fails in this way, the Office X application fails as well. If more than one Office X application was running when the packet was received, the first application launched during the session would fail.
An attacker could use this vulnerability to cause other users’ Office applications to fail, with the loss of any unsaved data, Microsoft warns. An attacker could craft and send this packet to a victim’s machine directly, by using the machine’s IP address, or could send the same packet to a broadcast or multicast address and affect every vulnerable machine in that domain.
An attack wouldn’t affect the stability of the underlying operating system, nor allow an attacker to alter or delete data, Microsoft says. Also, a successful attack could only cause one application to fail on a machine: specifically, the first Office X application loaded of those running when the attack occurs. All other Office X applications would continue to function normally. This vulnerability results because the network PID checking feature fails to handle exceptional circumstances properly.
Microsoft noted that the Network Security Updater can only be applied if you’re using the latest version of Office v.X: 10.0.1 (1407). Instructions for figuring out whether you’re using that version are given on the Network Security Updater Web page.