[ISN] Microsoft warns of PowerPoint, Excel vulnerabilities

From: InfoSec News (isnat_private)
Date: Mon Oct 08 2001 - 01:10:10 PDT

  • Next message: InfoSec News: "[ISN] Terrorism and the Tactics of Network Destruction"

    October 05, 2001
    Microsoft Corp. is warning users of a security hole in its popular
    Excel and PowerPoint software that could let malicious attackers take
    control of a victim's computer.
    The vulnerability affects Microsoft Excel 2000 and 2002 for Windows
    and PowerPoint 2000 and 2002 for Windows, as well as various versions
    of the software for the Macintosh platform, according to a Microsoft
    advisory posted Thursday.
    Patches for the affected software are available immediately and should
    be applied as soon as possible, Microsoft said in its advisory.
    The vulnerability exists in the way macros are detected in PowerPoint
    and Excel documents, according to the company.
    Macros are basically small pieces of code in applications such as
    PowerPoint and Excel that automate certain tasks, such as finding and
    replacing text, on behalf of the user.
    In the past, attackers have created malicious macros capable of
    deleting or changing files or moving them to different locations, and
    have hidden the code in PowerPoint and Excel documents.
    To deal with this threat, Microsoft has for sometime included a
    functionality in both applications that scans for the presence of
    macros in all PowerPoint and Excel documents. The feature alerts users
    if a macro is detected, allowing the user to decide whether to permit
    the macro to be executed.
    The vulnerability allows users to create PowerPoint and Excel
    documents that skirt this protection and allows macros to execute
    automatically without user permission, said Motoaki Yamamura, a senior
    development manager with Cupertino, Calif.-based Symantec Corp.
    security response team.
    As a result, a cracker could create and send PowerPoint and Excel
    documents which, when opened, would cause malicious code to run in the
    background without the victim's knowledge.
    Because users aren't alerted to the presence of a macro in such
    malformed documents, "They might feel secure, when in reality they are
    not," Yamamura said.
    It would require an attacker with a good understanding of the software
    and how Microsoft file formats are structured to exploit the hole,
    Yamamura said.
    The vulnerablity was first brought to Microsoft's notice about two
    months ago by Symantec.
    News of the latest hole comes, ironically enough, one day after
    Microsoft rolled out a companywide program called Strategic Technology
    Protection Program, which is aimed at making it easier for
    corporations to secure their Windows environments
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 03:01:43 PDT