Return-Path: <sentto-279987-2728-1002337067-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 05 Oct 2001 20:00:14 -0700 (PDT) Received: (qmail 25259 invoked by uid 510); 6 Oct 2001 02:57:48 -0000 Received: from n21.groups.yahoo.com (216.115.96.71) by 204.181.12.215 with SMTP; 6 Oct 2001 02:57:47 -0000 X-eGroups-Return: sentto-279987-2728-1002337067-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by n21.groups.yahoo.com with NNFMP; 06 Oct 2001 02:57:47 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 6 Oct 2001 02:57:46 -0000 Received: (qmail 51390 invoked from network); 6 Oct 2001 02:57:46 -0000 Received: from unknown (10.1.10.26) by l9.egroups.com with QMQP; 6 Oct 2001 02:57:46 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 6 Oct 2001 02:57:46 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id TAA26116 for iwar@onelist.com; Fri, 5 Oct 2001 19:57:46 -0700 Message-Id: <200110060257.TAA26116@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 5 Oct 2001 19:57:46 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Microsoft.Warns.Of.New.Macro.Problems.For.Office] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Microsoft Warns Of New Macro Problems For Office By Brian McWilliams, Newsbytes, 10/5/2001 <a href="http://www.newsbytes.com/news/01/170854.html">http://www.newsbytes.com/news/01/170854.html> A security flaw in Microsoft's popular spreadsheet and presentation programs could enable a malicious macro to run without warning, the company said Thursday. Microsoft has released patches for the affected versions of Excel and PowerPoint and recommends that users apply them immediately. While both applications include a security mechanism that prevents macros embedded in documents from running without the user's approval, the flaw could enable a malicious user to modify a document so that the program's integrated security scanner would not recognize an embedded macro. As a result, the macro could run automatically when the user opens the document. Macros are simple but powerful chains of commands that can be embedded in Microsoft Office documents to perform any command on the computer that could be performed by the user. While they are relied upon by legitimate users to automatically perform mundane tasks, macros are also popular with virus writers. The Melissa virus that spread worldwide in 1999 was a Word macro virus. The vulnerability announced Thursday appears similar to a macro checking bug discovered last June in another Microsoft Office product: the Word document-creation program. In its bulletin about the Word flaw, Microsoft at the time said "Though other Office applications use macros, Word is the only product affected by this vulnerability." According to Microsoft, the macro-checking flaws in Excel and PowerPoint were reported to the company by the Symantec Corp. Microsoft said the new flaws are present in both the Windows and Macintosh versions of the products. Excel 98 through Excel 2002 are vulnerable, as are PowerPoint 98 through PowerPoint 2002. Earlier versions of the programs are no longer supported and may or may not contain the vulnerability, according to the company. Microsoft's bulletin on the Excel and PowerPoint macro bugs is at <a href="http://www.microsoft.com/technet/security/bulletin/MS01-050.asp">http://www.microsoft.com/technet/security/bulletin/MS01-050.asp> . The bulletin on the Word macro flaw is at <a href="http://www.microsoft.com/technet/security/bulletin/MS01-034.asp">http://www.microsoft.com/technet/security/bulletin/MS01-034.asp> . ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST