A security researcher has issued an alert for a "serious security flaw" in the way document encryption is implemented in Microsoft's Word and Excel products, warning that a widely-used encryption algorithm is being misused by the software giant.

However, Microsoft officials are downplaying the threat, insisting that the reported flaw poses a very low threat for users of the two popular word processing programs.

Hongjun Wu, a researcher at the Institute for Infocomm Research in Singapore, said Microsoft is misusing the RC4 (Rivest Cipher 4) algorithm that is licensed from RSA Data Security.

"[W]hen an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is applied to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered easily," Wu said in an advisory.

The link for this article located at Ryan Naraine is no longer available.