Microsoft Corp. warned users Tuesday about a security hole in its Word software, though the bug appears to be mild.
The flaw concerns macros, small scripts that can be used in Word to automate or speed up a number of operations. Normally, when documents are opened, the word processing software checks them for macros and warns the user if any are present, offering the option to allow them to be run or not. Word also checks any documents that the first file links to for macros, including templates.
The flaw comes into play in the unlikely instance that a user opens an RTF (rich text format) file that references a template with a macro embedded in it, Microsoft said. In this situation, when the RTF is opened, a macro can be run without warning the user. Such a macro could make some changes to Word, including enabling macros, even if the user had previously turned them off, according to the company.
Because the flaw only affects Word 97 and higher, and then only RTF files linked to a template, not Word files or unlinked RTF files, the flaw appears to be minor. Microsoft has issued a patch to fix the bug.
Macros have long been the province of annoying, but usually not terribly destructive, viruses.
Microsoft in Redmond, Wash., can be reached at http://www.microsoft.com/. The security bulletin and patches can be found at http://www.microsoft.com/technet/security/bulletin/MS01-028.asp.