Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Volume Licensing infringement?
From: Steve Friedl <steve () unixwiz net>
Date: Mon, 30 Jan 2006 16:53:32 -0800

On Mon, Jan 30, 2006 at 06:15:23PM -0600, Randall M wrote:
Anyone on here get an email from MS volume licensing services stating that
all XP office and 2003 professional needs updated to remove the 3rd party
Patent infringement?

Yes, its seems to be the real deal. I can't find the announcement on
Microsoft's site, but this one is representative of the ones I've seen.


        Microsoft Office: Action Required

        (01-27-06) - Background and Summary

        A recent decision from a court case has determined that
        certain portions of code found in Microsoft Office Professional
        Edition 2003, Microsoft Office Access 2003, Microsoft Office
        XP Professional and Microsoft Office Access 2002 infringe a
        third-party patent.  As a result, Microsoft must make available
        a revised version of these products with the allegedly infringing[*]
        code replaced.


It references a KB article on the Microsoft site which talks about Office
SP2 removing certain features:


        Because of legal issues, Microsoft has disabled the functionality in
        Access 2003 and in Access 2002 that let users change the data in linked
        tables that point to a range in an Excel workbook. However, when you
        make changes directly in the Excel workbook, the changes appear in
        the linked table in Access.

Volume licensees are *required* to install Office SP2 with new deployments,
but are only *requested* to do so for existing deployments. I'm not sure
that they can require anybody else to do this, though bundling the "fix"
in with other stuff which was released months ago means that lots of people
probably have it by now.

I think this undermines a lot of the perceived benefits of Microsoft's
indemnification, which is one of their features over open source. It
doesn't mean they'll go to the mat for the users, it just means that
they'll quietly disable functionality and tell us about it we've installed
the service pack containing the disablement.

Anybody can do *that*.


[*] Seen elsewhere: "allegedly infringing"? If a court ruled, it's not "alleged"
    any more.

Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]