Microsoft Corp. is again facing criticism from security experts after a researcher posted instructions for circumventing a password feature in the company's popular Microsoft Word word processing program.
The feature is designed to protect the content of specific elements of Word documents, such as forms or comments, from reviewers. However, a user can find and erase the password for the feature by saving the Word document as an HTML (Hypertext Markup Language) file and then viewing it with a simple text editor, according to a security alert posted Saturday to the Bugtraq security newsgroup.
Microsoft introduced a number of new security features in Word, Outlook and other products with the release of Office 2003 in October under the heading of "information rights management."
The features are based on Microsoft's Windows Rights Management Service technology, part of Windows Server 2003, and are designed to allow organizations to prevent digital content from being copied or modified without the author's knowledge. The new rights management features allow Word users to assign file permissions based on user roles, restrict printing and set expiration dates after which files cannot be opened.
Microsoft acknowledges on its Web page that the password feature is less secure than other security features, such as those allowing users to lock entire documents with a password. (See: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/office2000/reskit/ork2000/html/65t2_2.asp.)