Office 97 security breach
- To: s*@MAELSTROM.STJOHNS.EDU
- Subject: Office 97 security breach
- From: C* Q* B*
- Date: Mon, 2 Aug 1999 14:55:08 -0400
Hi All -
I received this from a computer club line and do not believe that it is a
hoax. I also heard about it on the news this morning. So, while it might
not be "on topic", I sent it anyway in order to alert you.
Carolyn Q. Bryson
>Date: Sun, 01 Aug 1999 15:55:53 -0500
>To: etu@etu.net
>From: Block Consulting <jblock@iquest.net>
>Subject: Office 97 security breach
>
>I hate to see this, but must pass it along. It is from Woody's Window
>Watch, by Woody Leonhard, the Office Guru.
>
>You can Sign up for his newsletters at http://www.mcc.com.au/www/index.htm.
>
>>OFFICE 97 SECURITY HOLE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>This isn't a new Office virus, it's worse than that. It
>>is a new way to infect your computer that bypasses the
>>existing protections in Windows itself or anti-virus
>>software. Now the trick is known, it's possible for an
>>existing virus to be amended to use this newly discovered
>>backdoor into your computer.
>>With any new security problem there's a lot of guesswork
>>and rumor around the Internet. This issue of WOW aims to
>>give you the facts as we know them at the time of
>>publication and debunk some of the more fanciful rumors.
>>Requests for information or comment from Microsoft have
>>received no substantive reply despite the passing of a few
>>days. However we're grateful to our informants for filling
>>us in on the details, in particular the NYBugTraq
>>discussion list.
>>We can't go into a lot of detail about the security leak
>>because to do so might provide assistance to people with
>>malicious intent; that is balanced against the need of
>>legitimate users to know what to guard against.
>>The problem is in the Jet v3.51 database engine that Office
>>97 uses to process database queries. This system isn't
>>just used by Access 97, it's also used by at least Excel 97
>>when you import data into a worksheet.
>>This means that you could open an Excel worksheet that has
>>some malicious code in it and, without warning, the
>>worksheet could delete essential files or otherwise disrupt
>>or destroy your computer. There's no current protection
>>against this from Microsoft or any anti-virus product.
>>Since Windows and Office are tightly integrated with the
>>Internet you can start an Excel worksheet that has this
>>trap without your knowledge through a web page or HTML
>>email link.
>>This isn't a new macro virus that the anti-virus companies
>>can add to their library of viral nasties. It's a new
>>method of entry to your computer that no-one is currently
>>checking for.
>>That's why there's lots of concerned people around this
>>weekend. The rush is on to close this backdoor into
>>Windows before the hackers take advantage.
>>
>>
>>
>>WHO IS AFFECTED? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>At this stage only Office 97 users are known to be
>>affected, even if you have Office Standard (ie no Access
>>database program installed) because the Jet v3.51 system is
>>installed for other parts of Office 97 to use.
>>One report from Microsoft suggested that not all versions
>>of Office 97 are affected but no details have been
>>forthcoming so it's best to presume that all Office 97's
>>are vulnerable until we hear definitively otherwise.
>>Microsoft is suggesting that the problem can only occur
>>with Excel 97 and while that's the most likely method of
>>transmission, other experts say that at least Word can call
>>Jet with similar results. Again, it's best to assume that
>>Office 97 generally is vulnerable until the experts have
>>come to a consensus.
>>Office 2000 uses an updated version 4.0 of the Jet system
>>which does not have this problem - so Office 2000 users can
>>rest easy this time.
>>
>>THE FIX TO COME ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>At the time of going to press there's no fix available.
>>There were suggestions from Microsoft that downloading the
>>Jet v4.0 engine would fix the problem - but compatibility
>>difficulties plus an 8MB download make the cure possibly
>>worse than the disease. Microsoft Data Access Components
>>version 2.1, which contains Jet 4.0, is available
>>at http://www.microsoft.com/data/. Microsoft has now
>>withdrawn that suggestion pending a closer examination of
>>the situation.
>>So we're waiting to hear what Microsoft will supply to fix
>>this problem - presumably a patch for Jet 3.51 or a
>>smoother way to upgrade to Jet 4.0.
>>Hopefully they'll move quickly - more quickly than anyone
>>who wants to take advantage of this most recent lapse.
>>
>>RUMOR CONTROL ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>"You have to have Access 97 (ie Office Professional or
>>above) to have this problem."
>>- Wrong. The ODBC/Jet engine is installed on most
>>Office 97 systems for database access via other
>>Office programs.
>>"Only Windows 95 / 98 are affected"
>>- Wrong. Windows NT and 2000 are also vulnerable.
>>"Microsoft knew about this problem but haven't moved to
>>create a fix until public disclosure forced them to act."
>>- This story arises because Jet 4.0 has protection
>>against this problem. Microsoft denies the
>>allegation. In all probability we'll never know but
>>given Microsoft's poor track record you'd be
>>entitled to think the worst.
>>If you have any questions or information about this latest
>>security problem (maybe you want to check a story you've
>>heard) send WOW a message
>>w*@woodyswatch.com and we'll check it out.
>>Once a patch is released and more hard information is
>>available we'll notify you, if necessary with a special
>>edition of WOW later this week.
>
>
>Jerry
>
>
>
>Gerald W. Block
>j*@iquest.net
>b*@indy.net
>http://members.iquest.net/~jblock
>
>Vice President
>Indianapolis Computer Society
>Members Of APCUG
>Product Review Editor INDY PC NEWS
>
>Page me on ICQ at
>9577401
>
>Telephone # (317) 253-9027
>Fax # (317)475-1212 or
>Efax # (509) 300-7932
>
>