Follow Slashdot stories on Twitter


Forgot your password?
Bug Microsoft Technology

Office 2003 Bug Locks Owners Out 247

I Don't Believe in Imaginary Property writes "A Microsoft Office 2003 bug is locking people out of their own files, specifically those protected with Microsoft's Rights Management Service. Microsoft has a TechNet bulletin on the issue with a fix. It looks like they screwed up and let a certificate expire. There's no information on when the replacement certificate will expire, though, or what will happen when it does."
This discussion has been archived. No new comments can be posted.

Office 2003 Bug Locks Owners Out

Comments Filter:
  • by AuMatar ( 183847 ) on Monday December 14, 2009 @03:44AM (#30428724)

    Luckily open office writes to an open, patent unencumbered format. So if you dislike the UI- find a fork with a better one. Or a completely different program. No vendor lock in.

  • by El Capitaine ( 973850 ) on Monday December 14, 2009 @04:00AM (#30428804)
    The cases where the user would be "hosed" are few to none.

    This bug only applies to documents protected with Rights Management Services, which is part of Active Directory and the Windows Server operating system.

    Therefore, the only way you would have an issue is if you were on a network that used RMS but had no internet connection, in which case you'd have your IT guy download a fix from some other internet-connected machine and deploy it to the systems with the bug.

    This will not affect people who are simply running their own copies of Office 2003 without RMS or Active Directory or any other fancy add-ons.
  • by broken_chaos ( 1188549 ) on Monday December 14, 2009 @04:03AM (#30428820)

    It's still vendor lock in if there's no competing product that reads their open formats.

    Umm... There are a huge number of programs that read/write ODF (OpenOffice's default format). Wikpedia has a fairly extensive list [] of software that handles the various ODF files.

  • by gandhi_2 ( 1108023 ) on Monday December 14, 2009 @04:08AM (#30428838) Homepage

    This has nothing to do with open formats.

    If you encrypt and digitally sign (aka DRM) your files, and loose the ability to decrypt them, you are in the same boat.

    This is a story about DRM, not formats. A story about the forgotten idea of key escrow idea and of DRM cert servers, not file formats.

  • Re:Any workarounds? (Score:3, Informative)

    by DavidRawling ( 864446 ) on Monday December 14, 2009 @04:08AM (#30428842)

    RMS is for controlling the documents once they are outside the organisation. They're encrypted, and you can't get the key unless the RMS server lets you have it. And only Office can decrypt, and the RMS allows the author to block the ability to do things like edit, print or forward the document to someone else.

    Some customers like the idea. When we implement it, rule #1 is "You no longer have sole control of the document". IIRC, there are ways to set RMS up so that internal people always have access - it'd be strange if that was what was broken.

  • Re:amazing... (Score:3, Informative)

    by AndGodSed ( 968378 ) on Monday December 14, 2009 @05:26AM (#30429122) Homepage Journal

    You are referencing a SCRIPT that was MEANT TO DO HARM.

    There is a difference. The "malware" was really a simple script that asked for root before it got installed and used pre-installed programs that are available in the Ubuntu install to ping a server and download a file from another to do... something nefarious.

    The easiest fix in the case of that script would be to force wget to launch with a tty attached instead of being launched in the background. Presto you have plugged a hole that this script exploited right there.

    Security holes will be found continuously, by both sides of the fight - it is just up to who finds them first that dictates which way that scenario goes. Now if you compare the proprietary vs the open source software vendor's security track records you will note that the OSS guys are doing rather better than the proprietary guys.

    Why? In OSS the source is available for those who protect AS WELL AS those who exploit, yet the exploits are less, and are patched quicker. In proprietary land the source is available ONLY to the vendors - yet exploits abound.

    Another point is that you are comparing a targeted attack on a discovered weakness to a possible software bug that migh cause problems in the future.

    Also, you forget that in the case we are discussing the fix HAS to come from Microsoft - they responded admirably quickly with a hotfix btw - but in the case of OpenOffice (for instance) you would be able to implement fixes from a larger number of vendors, or their partners or well meaning codesmiths all over the world.

    The odds just favour OSS in this scenario to perform better, and to be fixed quicker if something breaks.

  • by L4t3r4lu5 ( 1216702 ) on Monday December 14, 2009 @05:34AM (#30429152)

    Eventually the bigwigs get tired of the fact that they cannot understand how to use save-as-older-format, and they dislike having their underlings telling them to do things, and they cannot bear to find all the files they saved and re-save them before they downgrade back to the old version... So the entire company naturally has to pay to upgrade everyone.

    Or, the admins download and roll out the Microsoft Office Compatibility Pack [] and leave the CEO with his new shiny-shiny.

  • Re:Locks OUT!? (Score:4, Informative)

    by jimicus ( 737525 ) on Monday December 14, 2009 @06:17AM (#30429310)

    That's what happens when you hand the keys to your kingdom over to someone whose best interests don't align with your own.

    Saying you should avoid that is all very well but it's practically impossible in any business.

    Want to take out a loan? The moment the bank thinks you may be in trouble they can and will send you a rude letter saying "Repay the whole lot. Now."

    Want someone to do your accounts? Paying an outside company will be a sight cheaper than paying a wage to someone who you only need for a few weeks of the year, but the accounts they prepare will be full of disclaimers to the effect of "We have prepared these using information supplied by our client...." and it's you the tax man will come after if he smells a rat. Too bad if the office junior did your accounts and the senior person who signed them off was in a hurry to get home that day - they'll never admit it in a million years.

    Want an email, calendaring and contacts platform? Free clue: The F/OSS exchange alternatives are generally just as complicated as Exchange itself, with the added bonus that finding someone who knows them can be a hell of a lot harder.

  • Re:Unexpected error? (Score:5, Informative)

    by dargaud ( 518470 ) <slashdot2@gdarga[ ]net ['ud.' in gap]> on Monday December 14, 2009 @06:30AM (#30429362) Homepage
    I blame this kind of error messages on programmers who use exceptions. Instead of doing error checking within the routine that has the problem and crafting an error message in there, you just throw an exception, hoping for the caller to take care of it. If the caller doesn't then the exception keeps floating up until nobody has a clue to what the condition was, hence "unexpected error". I hate exceptions.
  • by deniable ( 76198 ) on Monday December 14, 2009 @06:45AM (#30429410)
    And then the admins get to deal with documents that can't be handled by the converter. I had one last month, had to install 2007 to open it. I forgot to check Open Office first though. 2007 isn't as bad as the problems '97 caused, but it still causes some.
  • by hairyfeet ( 841228 ) <> on Monday December 14, 2009 @07:53AM (#30429654) Journal

    Uhhhh...I hate to ruin a perfectly good rant and all, but you DO know they could just choose to get the compatibility pack [] if they wanted to, right? It is absolutely free, and works on any version of MS Office from Office 2K-2K3. Now if they are still using Office 97 I think they got bigger things to worry about than getting a newer version.

    Now I can't tell you how well it does/doesn't work on Office XP or 2K3, since I don't have those, but so far I haven't had any problems with my Office 2K opening 2K7 files with the compatibility pack. Supposedly you can now save to the new format with the compatibility pack, but since I just save as the Office 2K .doc file, which I've found opens just fine in 2K3 and 2K7, I can't comment on that.

    So while you may hate Office 2K7 for the bloat or the ribbon (man I hate that thing!) it really isn't hard to open the new formats in the old Office with the compatibility tool, at least that has been my experience.

  • by Anonymous Coward on Monday December 14, 2009 @08:17AM (#30429756)

    Compatability pack worse than OO.o for compatibility.

    Save a wodge and get OO.o instead.

  • by jargon82 ( 996613 ) on Monday December 14, 2009 @08:53AM (#30429924)
    Might be true in small companies. Big shops (even medium shops, that I've worked with) like to use a standard image. New machines are either wiped and rebuilt on arrival or come wiped in the first place.
  • by drinkypoo ( 153816 ) <> on Monday December 14, 2009 @09:37AM (#30430198) Homepage Journal

    Now if they are still using Office 97 I think they got bigger things to worry about than getting a newer version.

    What things are those? Office 97 met my needs just fine, the only reason I stopped using it is that it didn't support multiple monitors correctly, you'd put the app on the second monitor and pop up a menu, and the menu would pop up on the primary display! Goooooo Microsoft, yeah! Now THAT is quality. Now I'm back to one monitor, but I'm also on Ubuntu so I'm using OO.o.

  • by MadKeithV ( 102058 ) on Monday December 14, 2009 @09:58AM (#30430368)
    My parents are on OO.o, my girlfriend is on OO.o, and my NetBook is on OO.o. The universal response in this admittedly small sample has been: "hey, that looks a lot more like the Office I'm used to!".
    That's a Windows PC, an iMac, and a Linux netbook by the way.
  • by mattr ( 78516 ) <> on Monday December 14, 2009 @10:33AM (#30430714) Homepage Journal

    And how do you upgrade the PAYING customer with the draconian security policy?

    A totally cynical decision by Microsoft to make color palettes INCOMPATIBLE in when Office was upgraded has caused major troubles in our project. The Excel files we made, which need to use color in order to communicate complex data sets, get shown in front of large meetings and emailed to participants. I had to hand-edit many times to avoid embarrassment, the guys who didn't got embarrassed of course.

  • by marcansoft ( 727665 ) <(hector) (at) (> on Monday December 14, 2009 @11:24AM (#30431298) Homepage

    LyX is your friend. It's a wonderful WYSIWYM(ean) editor for LaTeX.

  • Re:Locks OUT!? (Score:1, Informative)

    by Anonymous Coward on Monday December 14, 2009 @12:24PM (#30432138)

    Want to take out a loan? The moment the bank thinks you may be in trouble they can and will send you a rude letter saying "Repay the whole lot. Now."

    Don't know about the US but in the UK you'd just say "no, I'll continue paying as per our present arrangement". If they wanted to, they could take you to court. You tell the judge you can't afford to repay the mortgage, and the court will order you to pay an amount you can afford. You volunteer to pay what you were already paying and the judge will almost certainly consider that reasonable and make an order to that effect. Or possibly dismiss the case (as you are already paying that amount) without making an order and tell the company's lawer not to waste the court's time. So in practice, the company won't even try this in the first place.
    Note this is regardless of any 'foreclosure' clause - which would as per above probably be invalid in this case under Uk consumer law.

    If you're talking about a case where you actually don't make one or more payments, then that's different. But you did say "the bank thinks you may be in trouble".

    Note I'm not an expert in this area, but I do live in the UK and I have seen lots of reports relating to house repossesion and I've never seen a simple case of 'we are forceclosing now despite you making full payments' succeed (unless there are other factors like use of house as crack den, disputed complex multi-loan structures, occupier part-demolishing house etc.)

  • by klui ( 457783 ) on Monday December 14, 2009 @12:56PM (#30432550)
    The compatibility pack does not work with SharePoint versioning. If you open up an Office x document, it will convert it but the system will not know you've checked it out and have it open for editing. I've had to ask coworkers to use non-x versions hosted on SharePoint servers.
  • by pixelpusher220 ( 529617 ) on Monday December 14, 2009 @01:43PM (#30433178)
    that's assuming MS actually lets you save documents in the older format. Back when 97 came out, initially (i.e. for months) there literally was no way to read a 97 format in 95 or earlier and no way to save in 95 format from 97. After a while they came out with the ability to save back into 95 format.

    But the message was clear, you shall upgrade whether you like it or not.
  • Who needs java? (Score:3, Informative)

    by IBitOBear ( 410965 ) on Monday December 14, 2009 @01:46PM (#30433224) Homepage Journal

    Er... Java is optional, and only required if you use the database engine (nobody does, because almost nobody knows when _not_ to use a spreadsheet, IMHO of course 8-) or some of accessibility and wizard thingies.

    One of the ACs gives the actual quote and reference.

    Plus (and I think core open office as well) dumped the larger desktop interface a long, long time ago.

    Try something recent, and try reading the documentation, before you rail against any product.

The intelligence of any discussion diminishes with the square of the number of participants. -- Adam Walinsky