Holes in PowerPoint and Excel 277
jeffy124 writes: "Looks like it's time for IIS and Outlook to make room on the pedestal of security holes. Just about every recent version of PowerPoint and Excel are vulnerable to being taken over to control the system remotely. The hole is a macro-related, as it's possible to bypass asking the user if they'd like a macro to run. Microsoft's advisory can be found here."
Funny. I always thought that PowerPoint was already at least as destructive as macro viruses to corporate productivity. You ever watch a suit fiddle with his presentation?
Macs too (Score:2, Informative)
Linus likes PowerPoint (Score:1, Informative)
Not that it matters to me, but go ahead and knot up your undies in angst.
Re:This hole could be in more versions that listed (Score:3, Informative)
It's amazing! (Score:2, Informative)
The most amazing thing of all these virii it that they all exist only due to one (and no more than one) function in the whole VBA language:
That's wright we don't even need to kill the vector, all we need is to avoid the vectors to infect the host. This dam macro must not exist anymore!!!
Simple as that, and M$ doesn't seems to want to solve the problem.
Somebody tell the suits what this costs (Score:4, Informative)
IT has been trying to figure out how to fix the mail delays for a few months now with no progress, and I don't think they even care that it takes me so long to perform functions in the browser, but most of my work is done in web-based tools. MS has the world by the nuts, and they're milking us all!!! at least in my home I still have a choice.
Modifying Asimov's first law of robotics (Score:2, Informative)
I posted the following in various usenet groups last year. Given the recent events it is well worth the read...
Subject: Microsoft Applications Security
Date: 2000/05/28
http://groups.google.com/groups?selm=slrn8j2cen
"This continued virus threat is not ONLY an email or Outlook problem it extends to all Microsoft Office products, Microsofts internet explorer as well as a lot of third party software for the Microsoft OS platforms."
Even with all the patches, anti-virus scanners and proxy firewall, it will not stop the average user clicking on an embedded https:// URL link in an email and downloading and opening a Microsoft format document with an embedded script containing a new "unknown" virus/malware.
Office users share documents over the net all the time, the inclusion of executable blocking, "run script" dialogs and digital script "signing" is a big improvement, but it all can be circumvented by a little social engineering.