COMMAND

    Microsoft Office

SYSTEMS AFFECTED

    Win systems running Microsoft Office 95 and 97

PROBLEM

    Alan Lustiger posted following.   He discovered what looks like  a
    major hole in Microsoft Office (95 and 97) passworded files.

    While the files are encrypted (and I know that the Office 95  file
    encryption is laughably weak), *the file attachments are not.*  So
    if you attach a Visio picture or Excel spreadsheet to a passworded
    Word file, they are saved in the clear.  Any ASCII file viewer can
    be used to easily verify this.  Needless to say, one can get a lot
    of information  from attachments.   This problem  exists for  both
    Word and Excel, 95 and 97.  However, this ISN't Office Fault; but
    OLE one's.  Still, you got a problem.

SOLUTION

    Alan e-mailed to secure@microsoft.com  and never received a  reply
    besides the boilerplate  "if we consider  this a security  problem
    we'll  contact  you  within  one  business  day,  otherwise   call
    support."

    So if you  really want to  safeguard your MS  Office files, use  a
    third-party encryption package.