Last month MacCentral brought readers news that Microsoft had identified a problem with Rich Text Format (RTF) files that utilize macros. At the time, however, Microsoft did not have a patch to fix Mac versions of Word affected by the problem. Now that patch is available for download from Microsoft’s Web site.
According to Microsoft, the security hole could potentially result in RTF files infecting a target system with Macro viruses. Normally, Word checks documents for embedded macros, first asking user permission before allowing the macros to load. Because of this security gap, it’s possible for Word users to unknowingly load a macro linked to an RTF document. This could ultimately result in the execution of broad varieties of malicious activity, including changing data, communicating with web sites, reformatting the hard drive or changing the Word security settings.
The patch can be downloaded on a Web page called Microsoft Word for Macintosh Security Update: Macro Vulnerability. The installer is available for download in both Binhex and MacBinary formats.
Although the patch will update either Word 98 or Word 2001, it’s important for users to make sure they’ve applied other updates before running the patch. Microsoft notes that Word 2001 users will need to make sure they’ve run the Office 2001 for Mac Service Release 1 prior to running the Macro Vulnerability patch; Word 98 users need to make sure that they’ve applied the Combined Updater for Office 98. The company also recommends that Mac OS X users reboot in Mac OS 9.1 before applying the patch.
Microsoft points out that this Macro vulnerability isn’t related to Word-formatted documents. Instead, the problem is only related to RTF documents that contain Macro code.